Temporary upload directories were not randomly named, and could potentially be guessed by an attacker. This enhancement introduced randomly named directories to the temporary upload file path, making it significantly more difficult to guess the temporary path.
This vulnerability affects the following application versions:
- Contact Form 7 3.6
- Contact Form 7 3.7
- Contact Form 7 3.7.1
- Contact Form 7 3.7.2
- Contact Form 7 3.8
- Contact Form 7 3.8.1
- Contact Form 7 3.9
- Contact Form 7 3.9.1
- Contact Form 7 3.9-beta