Technology Tips

December 30, 2020

Update WordPress Contact Form 7 Plugin Immediately For Security

Written By Dave of Securafy

Is your company's website built around WordPress? If so, you're certainly not alone. WordPress is, to this day, the simplest way to get a site up and running quickly. It's easy to use, has an intuitive interface and there are thousands of great plugins that extend its capabilities.

Unfortunately, hackers are all too aware of these facts, which sometimes makes the platform and its legion of plugins a tempting target.

That's the case with Contact Form 7, one of the most popular of the WordPress plugins, boasting more than five million active installations. Unfortunately, the team behind the plugin recently disclosed a critical security vulnerability that puts any website using it at risk.

The company moved quickly to address the issue, but in order to make sure your site is protected, you'll need to install the latest version of the plugin. As with most things in the WordPress world, upgrading your plugins is easy to do, and is something that will only take a few minutes of your time. Even so, it's a few minutes you'll absolutely need to spend if you want to ensure that your site is secure.

The vulnerability in question was tracked as CVE-2020-35489, and was classed as an unrestricted file upload vulnerability, which allows hackers to bypass other security measures you may have in place and upload arbitrary code onto any server running the old version of the plugin.

That's about as bad as it gets, because hackers can upload absolutely anything from keyloggers and sniffers to code that will copy every sensitive file you've got and then start encrypting data, or worse. All that to say, if you use WordPress, it pays to double check to see if you're also using Contact Form 7, and if you are, upgrade the plugin right away.

Picture of Dave of Securafy
About The Author
Dave is your trusted source for practical risk management in the digital space. Specializing in network security and data backup, he enjoys experimenting with the latest security technologies. Dave’s blogs are packed with tips on regulatory compliance, risk assessments, and audit preparation, helping you stay secure and compliant in a fast-paced tech landscape.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.