Update WordPress Contact Form 7 Plugin Immediately For Security. Is your company’s website built around WordPress? If so, you’re certainly not alone. WordPress is, to this day, the simplest way to get a site up and running quickly. It’s easy to use, has an intuitive interface, and thousands of great plugins extend its capabilities.
Unfortunately, hackers are all too aware of these facts, which sometimes makes the platform and its legion of plugins a tempting target.
That’s the case to update WordPress Contact Form 7, one of the most popular WordPress plugins, boasting more than five million active installations. Unfortunately, the plugin team recently disclosed a critical security vulnerability that puts any website using it at risk.
WordPress moved quickly to address the issue and ensure your site is protected. You will need to install the plugin’s latest version of Contact Form 7. As with most things in the WordPress world, upgrading your plugins is easy to do and will only take a few minutes of your time. Even so, it’s a few minutes you’ll need to spend if you want to ensure that your site is secure.
WordPress’ Contact Form 7 vulnerability in question is CVE-2020-35489. Its classification has an unrestricted file upload vulnerability allowing hackers to bypass security measures you have in place. You may accidentally upload arbitrary code onto any server running the old version of the plugin.
That’s about as bad as it gets because hackers can upload absolutely anything from keyloggers and sniffers to code that will copy every sensitive file you’ve got and then start encrypting data, or worse. All that to say, if you use WordPress and using Contact Form 7, it pays to double-check to see if you’re also using Contact Form 7, and if you are, upgrade the plugin right away.