Dec 19
Everyone using the popular WordPress plugin Contact Form 7 version 5.3.1 and older needs to update it immediately to address a severe security vulnerability.

The developers of Contact Form 7 have reported:

“An unrestricted file upload vulnerability has been found in Contact Form 7 5.3.1 and older versions.

Utilizing this vulnerability, a form submitter can bypass Contact Form 7’s filename sanitization, and upload a file which can be executed as a script file on the host server.”

It has been fixed in version 5.3.2.