Serious vulnerability found in Contact Form 7 WP plugin


The developers of the popular WordPress plugin Contact Form 7 have announced that they have fixed a serious unrestricted file upload vulnerability. It allowed attackers to upload malicious scripts to the site.


An unrestricted file upload vulnerability in a WordPress plugin is one where the plugin allows an attacker to upload a web shell (a malicious script), which can then be used to hijack the site, tamper with its database, and so on.
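
To illustrate this class of flaw from the defender's side, the Python code below contrasts a weak extension denylist with allowlist-based validation of an uploaded file name. It is an added example, not Contact Form 7's code and not a reproduction of the specific bug; the extension sets, function names and sample file names are assumptions constructed for the illustration.

```python
import os
import secrets
import unicodedata

# Assumption: this hypothetical form only accepts these file types.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}
# Extensions a web server may hand to an interpreter (illustrative, not exhaustive).
EXECUTABLE_EXTENSIONS = {"php", "phtml", "phar", "php5", "pl", "py", "cgi",
                         "asp", "aspx", "jsp"}
# Constructed sample names, not taken from any real incident.
SAMPLES = ["photo.JPG", "shell.php", "shell.php.", "shell.phtml",
           "shell.php.jpg", "a\x00.png"]


def weak_check(filename):
    """Denylist on the raw final extension only: easy to slip past."""
    return not filename.lower().endswith(".php")


def validate_upload(filename):
    """Return (ok, reason, stored_name); stored_name is chosen by the server."""
    # Reject control (NUL, tab, newline) and invisible format characters outright.
    if any(unicodedata.category(ch) in ("Cc", "Cf") for ch in filename):
        return False, "control or format character in name", None
    # Drop any client-supplied path, then trailing dots/spaces some filesystems strip.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing base name or extension", None
    # Check every segment after the base name: "x.php.jpg" can still be executed
    # on servers that map handlers by any extension appearing in the name.
    for ext in parts[1:]:
        if ext in EXECUTABLE_EXTENSIONS:
            return False, f"executable extension .{ext}", None
    if parts[-1] not in ALLOWED_EXTENSIONS:
        return False, f"extension .{parts[-1]} not allowed", None
    # Never reuse the client's name on disk; keep only the vetted extension.
    return True, "ok", f"{secrets.token_hex(16)}.{parts[-1]}"


def compare(samples=SAMPLES):
    """Return {name: (weak_verdict, strict_verdict)} for a side-by-side view."""
    return {s: (weak_check(s), validate_upload(s)[0]) for s in samples}


if __name__ == "__main__":
    for sample, verdicts in compare().items():
        print(repr(sample), verdicts)
```

Name validation is only one layer: storing uploads outside the web root, or in a directory where script execution is disabled, limits the damage if a check is bypassed.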

The developers have already closed this gap and strongly recommend that all plugin users update it to the latest version ( and higher).

The vulnerability was discovered by security researchers from Astra.

The Contact Form 7 plugin allows you to create contact forms of any complexity and customize them for any needs. It is used by 5+ million websites.

As a reminder, earlier this month a vulnerability was discovered in the Easy WP SMTP WordPress plugin, which is used to send all emails from the site through the specified SMTP server.


New member
Suddenly, WordPress is such a popular site engine, and they can't make it perfect; what can we say about simple sites?