Prior to this patch, it was possible to attach a local file to a contact form upload under certain circumstances, even if the file was outside of the /wp-content/ directory. This patch updates the upload capabilities so it no longer possible to attach a local file that is outside of the /wp-content/ directory.

This vulnerability affects the following application versions:

  • Contact Form 7 3.9
  • Contact Form 7 3.9.1
  • Contact Form 7 3.9.2
  • Contact Form 7 3.9.3
  • Contact Form 7 3.9-beta
  • Contact Form 7 4.0
  • Contact Form 7 4.0.1
  • Contact Form 7 4.0.2
  • Contact Form 7 4.0.3
  • Contact Form 7 4.1
  • Contact Form 7 4.1.1
  • Contact Form 7 4.1.2
  • Contact Form 7 4.1-beta
  • Contact Form 7 4.2
  • Contact Form 7 4.2.1
  • Contact Form 7 4.2.2
  • Contact Form 7 4.2-beta
  • Contact Form 7 4.3
  • Contact Form 7 4.3.1
  • Contact Form 7 4.4
  • Contact Form 7 4.4.1
  • Contact Form 7 4.4.2
  • Contact Form 7 4.5
  • Contact Form 7 4.5.1
  • Contact Form 7 4.6
  • Contact Form 7 4.6.1
  • Contact Form 7 4.7
  • Contact Form 7 4.8
  • Contact Form 7 4.8.1
  • Contact Form 7 4.9
  • Contact Form 7 4.9.1
  • Contact Form 7 4.9.2
  • Contact Form 7 5.0
  • Contact Form 7 5.0.1
  • Contact Form 7 5.0.2
  • Contact Form 7 5.0.3

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *