Due to the way some IIS-based servers check permissions on files and directories, it was possible for some uploaded files to not be removed properly under certain circumstances. This patch altered the way Contact Form 7 deletes uploaded files to account for those specific IIS-based configurations.
This vulnerability affects the following application versions:
- Contact Form 7 3.6
- Contact Form 7 3.7
- Contact Form 7 3.7.1
- Contact Form 7 3.7.2
- Contact Form 7 3.8
- Contact Form 7 3.8.1
- Contact Form 7 3.9
- Contact Form 7 3.9.1
- Contact Form 7 3.9.2
- Contact Form 7 3.9.3
- Contact Form 7 3.9-beta
- Contact Form 7 4.0
- Contact Form 7 4.0.1
- Contact Form 7 4.0.2
- Contact Form 7 4.0.3
- Contact Form 7 4.1
- Contact Form 7 4.1.1
- Contact Form 7 4.1.2
- Contact Form 7 4.1-beta
- Contact Form 7 4.2
- Contact Form 7 4.2.1
- Contact Form 7 4.2.2
- Contact Form 7 4.2-beta
- Contact Form 7 4.3
- Contact Form 7 4.3.1
- Contact Form 7 4.4
- Contact Form 7 4.4.1
- Contact Form 7 4.4.2