Get a Pentest and security assessment of your IT network.

Cyber Security

5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack

A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin. An attacker could also commandeer the server hosting the site if there is no containerization used to segregate the website hosting the WordPress instance. The bug hunter credited for identifying the flaw, Jinson Varghese, wrote that the vulnerability allows a user to bypass any form file-type restrictions in the plugin and upload an executable binary to a website running 5.3.1 or earlier. The plugin developer was quick to fix the vulnerability, realizing its critical nature, according to researchers.

Source: https://threatpost.com/contact-form-7-plugin-bug/162383/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation