Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
WP Plugin Contact Form 7 Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2020-35489 - Vulnerability Database
WP Plugin Contact Form 7

WP Plugin Contact Form 7 Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2020-35489

Critical
Reference: CVE-2020-35489
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-35489
Title: WP Plugin Contact Form 7 Unrestricted Upload of File with Dangerous Type Vulnerability
Overview:

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.