Everyone using the popular WordPress plugin Contact Form 7 version 5.3.1 and older needs to update it immediately to address a severe security vulnerability.
The developers of Contact Form 7 have reported:
“An unrestricted file upload vulnerability has been found in Contact Form 7 5.3.1 and older versions.
Utilizing this vulnerability, a form submitter can bypass Contact Form 7’s filename sanitization, and upload a file which can be executed as a script file on the host server.”
It has been fixed in version 5.3.2.
