Ninja blog

Contact Form 7 WordPress Plugin Vulnerability

A critical vulnerability was found in Contact Form 7. The WordPress utility is activated on more than 5 million websites, and 70% of these are running the unprotected 5.3.1 version or older. The vulnerability allows attackers to bypass Contact Form 7’s filename sanitization and upload a file that can be executed as a script file on the host server.

Plugin description

Contact Form 7 can manage multiple contact forms. You can customize the form and the mail contents simply with the help of it. The form supports Ajax-powered submitting, Akismet spam filtering, and also CAPTCHA.

The vulnerability

WordPress allows multiple user roles such as contributors, editors, subscribers, authors, etc. In Contact Form 7, this vulnerability allows attackers to bypass Contact Form 7’s filename sanitization. A user can behave like a contributor and be able to edit the content form. This feature should be available only for editors and admins. With this permission, the attacker can also upload a malicious code that can be used to tamper with a database and obtain a reverse shell, opening the way for further attacks.

What you should do if you have BitNinja installed on your servers

Enable your WAF 2.0 module on the Dashboard, sit back, and enjoy the ultimate server security protection.

What you should do if you don’t have BitNinja installed on your servers

Update Contact Form 7

The urgent security and maintenance 5.3.2 version is released. We strongly recommend you to update your plugin to it ASAP.
Subscribe to BitNinja ServerProtection

A vulnerability like this can have irreversible effects. It can lead to profit loss, or even worse: it can damage your reputation.

Sign up for a free trial

Don’t risk your web hosting business! Download BitNinja now and enjoy the free trial with full functionality for 7-days. No credit card needed!

We are always happy to help you! If you have any questions, check out our Knowledgebase; feel free to ask at info@bitninja.io, or you can even reach us on the Dashboard chat!

Have a Hacker-free Festive Season!

The Endless Loop of Malware Reinfection

Big stability improvements! - New BitNinja version (V3.5.0)

The Guardians of the Cyberspace: The Team that Made Us the Leaders in Server Security

Easy Server Management: Introducing the Cloud Configuration

Cloud Configuration is now live! - New BitNinja version (V3.4.1)

Beware the Return of Wednesday Malware

trial

If you have no more queries,  take the next step and sign up!

Don’t worry, the installation process is quick and straightforward!

get your free trial!

book a live demo

sign up for free

For Shared Webhosting For VPS providers For Small Businesses Pricing Anti-Malware WAF Realtime IP Reputation Extra Security Components

BitNinja Learn Documentation FAQs Success Stories Security Guides Reseller Partner Kit Comparisons Incident Report

About Customers Jobs at BitNinja Legal Terms Privacy Events Bug Bounty

Book a demo Contact us Support Product Feedback

BitNinja

Proactive Linux server protection from a centralized, easy-to-use console. Secure your web servers and customers’ websites against all kinds of cyber threats with our multi-layered security tool

Ninja blog

Contact Form 7 WordPress Plugin Vulnerability

Plugin description

The vulnerability

What you should do if you have BitNinja installed on your servers

What you should do if you don’t have BitNinja installed on your servers

Recent Posts

The Endless Loop of Malware Reinfection

Big stability improvements! - New BitNinja version (V3.5.0)

The Guardians of the Cyberspace: The Team that Made Us the Leaders in Server Security

Easy Server Management: Introducing the Cloud Configuration

Cloud Configuration is now live! - New BitNinja version (V3.4.1)

Beware the Return of Wednesday Malware

security

Resources

Company

Connect