A file-uploadable (most dangerous) vulnerability was discovered in the Contact Form 7 plugin 5.3.1 and below, which is installed in 5 million sites.

Alert: File Upload Vulnerability in Contact Form 7 5.3.1 and Below

According to this vulnerability discovered by Astra, 5 million sites are affected by this vulnerability.

A malicious script can be injected by uploading a web shell (malicious program).
If there is no containerization between websites on the same server, the vulnerability can spread to all sites on the server.

Extreme vigilance is required.

CVE score (vulnerability risk) of 10 points, the highest level of vulnerability score given
https://nvd.nist.gov/vuln/detail/CVE-2020-35489

Coping Methods

1 Update Contact Form 7 to the latest version.

2 If the above is difficult, manually patch the vulnerable files.
According to the Contact Form 7 developer’s program revision history, the following fixes are believed to close the vulnerability.

https://github.com/takayukister/contact-form-7/commit/2e45060ff0b4610e9665d996bc91f725ff5fc381

wp-content/plugins/contact-form-7/includes/formatting.php
in the wpcf7_antiscript_file_name function after $filename has passed through the basename function once.

$filename = preg_replace( '/[\pC\pZ] /i', '', $filename ); //add this line

and add the above line.

For vulnerability testing, please use the [Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

Related Posts:

  1. Vulnerability in File Manager Plugin, which allows WordPress to operate like FTP software
    The File Manager plug-in, which enables file manipulation on the administration screen like FTP software and has been installed on over 700,000 sites, has a very dangerous vulnerability in version 6.9 or lower....
  2. Vulnerability in tagDiv Composer plugin bundled with WordPress Newspaper theme allows database rewriting
    A vulnerability in tagDiv Composer, a plugin included with the WordPress Newspaper theme, has been discovered that allows the database to be rewritten....
  3. What is a 0Day attack that exploits a WordPress vulnerability?
    About 60% of WordPress tampering damage is caused by vulnerabilities in the old WordPress itself and plugins. Some of these are 0-day attacks. This is explained here....
  4. Vulnerability CVE-2023-22622 in WordPress 6.1.1 and below
    Recently, the international vulnerability database NIST has released CVE-2023-22622 as a vulnerability in WordPress 6.1.1 and below. The following is an explanation of the results of our investigation....
  5. What is the most common vulnerability cross-site scripting in WordPress?
    The most common vulnerability in WordPress is called Cross Site Scripting (XSS). We would like to explain about this vulnerability....
  6. Vulnerability in wordpress plugin yuzo related posts, plugin cannot be downloaded
    There is a vulnerability in the wordpress plugin yuzo related posts, but no update has been released. this article explains how to resolve the vulnerability in yuzo related posts....