Contact Form 7 Open to Attack

There are over 5 million WordPress websites available today, and the majority of them use Contact Form 7 (CF7), a plugin installed on your website that controls your contact forms. On December 16, 2020, CF7 issued a big update to address a huge security vulnerability.

The Issue

Information sourced from the Threatpost article on the security bug, published on Dec. 17th.

A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin.

The critical vulnerability (CVE-2020-35489) is classified as an unrestricted file upload bug, according to Astra Security Research, which found the flaw on Wednesday.

The security threat allows an unauthenticated user to take over a website running the plugin, or possibly hijack the entire server hosting the site, and the attack could be done remotely.

Easy Fix

Contact Form 7 is a plugin that is installed on your website, and a solution or “patch” for this plugin has already been released by WordPress in the form of a 5.3.2 version update to the Contact Form 7 plugin.

If you are running Contact Form 7 on your website, this is an easy fix; simply update the plugin. Once you do, be sure to follow these steps to verify that everything is still working:

  • Go to your Contact Form 7 settings and make sure all forms are validated
  • Visit your website, in an incognito window, and fill out your form(s)
  • Verify you have received the inquiry

Once you’ve run through everything above, your website’s vulnerability decreases significantly. Now you can rest a little easier at night.
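
If you look after several WordPress sites on one server, the script below lists every Contact Form 7 install and flags any that are still older than 5.3.2. It is an added example, not code from the plugin or from WordPress. The function names, the web root argument and the plugin file location (wp-content/plugins/contact-form-7/wp-contact-form-7.php) are assumptions.

```shell
#!/bin/sh
# Added example: flag Contact Form 7 installs older than the patched 5.3.2.
FIXED_VERSION="5.3.2"   # patched release named in the article
# Assumed location of the plugin's main file inside each WordPress install.
CF7_FILE='*/wp-content/plugins/contact-form-7/wp-contact-form-7.php'

# Print the version from the "Version:" line of a plugin header comment.
plugin_version() {
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' "$1" |
    head -n 1
}

# Succeed (return 0) when dotted version $1 is lower than $2.
# Fields are compared as numbers, so 5.10 is newer than 5.3.2.
version_lt() {
  va=$1 vb=$2
  while [ -n "$va" ] || [ -n "$vb" ]; do
    fa=${va%%.*} fb=${vb%%.*}
    case $va in *.*) va=${va#*.} ;; *) va= ;; esac
    case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
    [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
  done
  return 1   # equal versions are not "lower"
}

# Print "STATUS<TAB>version<TAB>path" for every install found under $1.
audit_cf7() {
  find "$1" -type f -path "$CF7_FILE" 2>/dev/null | sort |
  while IFS= read -r file; do
    ver=$(plugin_version "$file")
    if [ -z "$ver" ]; then
      printf 'UNKNOWN\t-\t%s\n' "$file"
    elif version_lt "$ver" "$FIXED_VERSION"; then
      printf 'VULNERABLE\t%s\t%s\n' "$ver" "$file"
    else
      printf 'OK\t%s\t%s\n' "$ver" "$file"
    fi
  done
}

# Usage: sh audit_cf7.sh /var/www   (the web root is a placeholder)
if [ "$#" -gt 0 ]; then
  audit_cf7 "$1"
fi
```

An UNKNOWN line means the plugin file was found but no version could be read from it, so check that site by hand.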

Protect for Next Time

2020 has been a bad year for cybersecurity. More hacking events were attempted in the first 6 months of 2020 than in all of 2019. We are currently working through the websites RedTree is contracted with, but I would suggest you reach out to your current website partner to update this issue before your website gets attacked.

If you don’t have a partner, we know a good web design company that can help.

Don’t Branch Out Alone

We know that your time is limited but taking your website to the next level is essential. Don’t branch out alone. Tap into our team of experts to keep your site ahead of the curve.
