WordPress Plugin Vulnerabilities

Contact Form 7 < 5.3.2 - Unrestricted File Upload

Description

The popular WordPress plugin, Contact Form 7 was found to be vulnerable to Unrestricted File Upload.

Proof of Concept

Append a unicode special character (from U+0000 [null] to U+001F [us]) to a filename and upload it via the ContactForm7 upload feature

Affects Plugins

Plugin icon
contact-form-7
Fixed in 5.3.2

References

CVE
CVE-2020-35489
URL
https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload-vulnerability/
URL
https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/
URL
https://contactform7.com/2020/12/17/contact-form-7-532/#more-38314

Miscellaneous

Original Researcher
Jinson Varghese Behanan
Submitter
Jinson Varghese Behanan
Submitter website
https://www.getastra.com/
Submitter twitter
JinsonCyberSec
Verified
No
WPVDB ID
7391118e-eef5-4ff8-a8ea-f6b65f442c63

Timeline

Publicly Published
2020-12-17 (about 3 years ago)
Added
2020-12-17 (about 3 years ago)
Last Updated
2020-12-21 (about 3 years ago)

Other

Published
Title
Published
2024-05-09
Title
LearnPress – WordPress LMS Plugin < 4.2.6.6 - Authenticated (Instructor+) Arbitrary File Upload
Published
2024-04-01
Title
EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload
Published
2022-10-28
Title
Api2Cart Bridge Connector < 1.2.0 - Unauthenticated Arbitrary File Upload
Published
2022-11-28
Title
SEO Plugin by Squirrly SEO < 12.1.11 - Contributor+ Arbitrary File Upload
Published
2016-06-22
Title
Contus Video Comments - Unauthenticated Remote JPG File Upload