Last week Takayuki Miyoshi released a new version of his popular Contact Form 7 plugin. Installed on more than 5 million sites across the internet, the latest update patches a security vulnerability that enables a form submitter to bypass the filename sanitisation and upload a file which can then be executed on the server.
It is highly recommended that all sites update to v.5.3.2 immediately.
This issue was first reported by Jinson Verghese Behanan from Astra Security.
Need help to keep your WordPress site up to date and secure? Check out our WordPress Care Plans.