Is your company’s website built around WordPress? If so, you’re certainly not alone. WordPress is, to this day, the simplest way to get a site up and running quickly. It’s easy to use, has an intuitive interface and there are thousands of great plugins that extend its capabilities.
Unfortunately, hackers are all too aware of these facts, which sometimes makes the platform and its legion of plugins a tempting target.
That’s the case with Contact Form 7, one of the most popular of the WordPress plugins, boasting more than five million active installations. Unfortunately, the team behind the plugin recently disclosed a critical security vulnerability that puts any website using it at risk.
The company moved quickly to address the issue, but in order to make sure your site is protected, you’ll need to install the latest version of the plugin. As with most things in the WordPress world, upgrading your plugins is easy to do, and is something that will only take a few minutes of your time. Even so, it’s a few minutes you’ll absolutely need to spend if you want to ensure that your site is secure.
The vulnerability in question was tracked as CVE-2020-35489, and was classed as an unrestricted file upload vulnerability, which allows hackers to bypass other security measures you may have in place and upload arbitrary code onto any server running the old version of the plugin.
That’s about as bad as it gets, because hackers can upload absolutely anything from keyloggers and sniffers to code that will copy every sensitive file you’ve got and then start encrypting data, or worse. All that to say, if you use WordPress, it pays to double check to see if you’re also using Contact Form 7, and if you are, upgrade the plugin right away.