The critical vulnerability ([CVE-2020-35489]) is classified as an unrestricted file upload bug, according to [Astra Security Research, which found the flaw on Wednesday].

Quick Fix

“The plugin developer ([Takayuki Miyoshi]) was quick to fix the vulnerability, realizing its critical nature. We communicated back and forth trying to release the update as soon as possible to prevent any exploitation. An update fixing the issue has already been released, [in version 5.3.2],” according to Astra.

Easy to Exploit

“It is easily exploitable. And the attacker wouldn’t need to be authenticated and the attack can be done remotely,” said Naman Rastogi, digital marketer and growth hacker with Astra, in an email interview with Threatpost.


5M WordPress Sites Running 'Contact Form 7' Plugin Open to Attack