More than 5 million WordPress websites are online today, and the majority of them use Contact Form 7, a plugin installed on your website that controls your contact forms. On December 16, 2020, CF7 issued a major update to address a serious security vulnerability.
Information sourced from a Threatpost article on the security bug, published Dec. 17.
A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin.
The critical vulnerability (CVE-2020-35489) is classified as an unrestricted file upload bug, according to Astra Security Research, which found the flaw on Wednesday.
The vulnerability allows an unauthenticated user to take over a website running the plugin, or possibly hijack the entire server hosting the site, and the attack can be carried out remotely.
Contact Form 7 is a plugin installed on your website, and a solution or “patch” for it has already been released by WordPress in the form of version 5.3.2 of the Contact Form 7 plugin.
If you are running Contact Form 7 on your website, this is an easy fix; simply update the plugin. Once you do, be sure to follow these steps to verify that everything is still working:
- Go to your Contact Form 7 settings and make sure all forms are validated
- Visit your website, in an incognito window, and fill out your form(s)
- Verify you have received the inquiry
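As an added example that is not part of the original post and not the plugin's own code: a short Python check that reads the version line from the plugin's main PHP file header and reports whether the installed copy is older than the 5.3.2 fix. The file path is passed on the command line (the exact location is assumed to be whatever your host uses); without an argument it runs against a constructed sample header.

```python
"""Added check: read a Contact Form 7 plugin header and report whether the
installed version predates the 5.3.2 release that fixes CVE-2020-35489."""
import re
import sys
from pathlib import Path

FIXED_VERSION = (5, 3, 2)  # first fixed release, as stated in the post

# A WordPress plugin file header, constructed here as sample input.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Contact Form 7
Plugin URI: https://contactform7.com/
Version: 5.3.1
*/
"""

def parse_version(header_text):
    """Return the header's Version: value as a tuple of ints, e.g. (5, 3, 1)."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9]+(?:\.[0-9]+)*)", header_text, re.M)
    if not m:
        raise ValueError("no Version: line found in plugin header")
    return tuple(int(part) for part in m.group(1).split("."))

def is_vulnerable(version):
    """True when the version sorts before the fixed release (5.3 < 5.3.2, etc.)."""
    width = max(len(version), len(FIXED_VERSION))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(FIXED_VERSION)

def check_plugin_file(path):
    """Read the plugin's main PHP file (path supplied by the caller) and classify it."""
    version = parse_version(Path(path).read_text(encoding="utf-8", errors="replace"))
    return {"version": ".".join(map(str, version)), "vulnerable": is_vulnerable(version)}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = check_plugin_file(sys.argv[1])
    else:
        v = parse_version(SAMPLE_HEADER)
        result = {"version": ".".join(map(str, v)), "vulnerable": is_vulnerable(v)}
    status = "UPDATE NEEDED (older than 5.3.2)" if result["vulnerable"] else "patched"
    print(f"Contact Form 7 {result['version']}: {status}")
```

Run it after updating as well: a result of "patched" confirms the plugin files on disk are actually at 5.3.2 or later, not just that the dashboard reported an update.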
Once you’ve run through everything above, your website’s vulnerability decreases significantly. Now you can rest a little easier at night.
Protect for Next Time
2020 has been a bad year for cybersecurity. More hacking events were attempted in the first 6 months of 2020 than in all of 2019. We are currently working through the websites RedTree is contracted with, but I would suggest you reach out to your current website partner to update this issue before your website gets attacked.
If you don’t have a partner, we know a good web design company that can help.
Don’t Branch Out Alone
We know that your time is limited but taking your website to the next level is essential. Don’t branch out alone. Tap into our team of experts to keep your site ahead of the curve.