Another popular WordPress plugin is vulnerable to hackers. This time round is Contact Form 7. Please upgrade!
Contact Form 7 unfortunately has a relatively long history of vulnerabilities. The developers have always been great at plugging security holes real fast. For such a popular piece of software, it is almost inevitable that someone will discover a new security hole.
This week’s news is that all versions prior to 17 December 2020 are vulnerable to file uploads. Hackers can (and do) upload malicious files to your website, and then do some nasty stuff from there. Read all about this on the Contact Form 7 website:
- If you are using Contact Form 7 on your website, please upgrade it and the rest of your WordPress installation.
- If you are not using Contact Form 7 on your website, then please update your WordPress installation.
Get it? Please keep your WordPress installation up to date. Friends do not let their websites send spam email or distribute virusses to other friends.