Support » Plugin: Contact Form 7 » vulnerability workaround

  • Hi, in case of inability to update the plugin, is the vulnerability effective only when the file upload field is present in the form, or is the risk still present even if the shortcode [file] is not used?

    thank you

Viewing 1 replies (of 1 total)
  • Hello @canetwp,

    That’s right, this vulnerability only affects forms that use file upload fields. If you don’t have a file field in your forms, you have nothing to worry about.

    On the other hand, Contact Form 7 does not store files in the directory, but deletes them immediately after sending. So, in practice it’s not possible for a script to be executed because it’s sent and deleted immediately afterwards.

    However, you can modify the includes/formatting.php file adding the new change manually, if you want to be sure.

    Best regards,
    Yordan.

Viewing 1 replies (of 1 total)
  • The topic ‘vulnerability workaround’ is closed to new replies.