CVE-2020-35489
Summary
| CVE | CVE-2020-35489 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-12-17 19:15:00 UTC |
|---|
| Updated | 2020-12-22 12:57:00 UTC |
|---|
| Description | The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| WordPress › Contact Form 7 « WordPress Plugins |
MISC |
wordpress.org |
Release Notes, Third Party Advisory |
| Unrestricted File Upload possible in Contact Form 7 |
MISC |
www.jinsonvarghese.com |
Third Party Advisory |
| Contact Form 7 < 5.3.2 - Unrestricted File Upload Security Vulnerability |
MISC |
wpscan.com |
Third Party Advisory |
| Unrestricted File Upload Vulnerability in Contact Form 7 |
MISC |
www.getastra.com |
Third Party Advisory |
| Contact Form 7 5.3.2 | Contact Form 7 |
MISC |
contactform7.com |
Vendor Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 154132 WordPress Contact Form 7 Plugin: Unrestricted File Upload and Remote Code Execution (RCE) Vulnerability (CVE-2020-35489)
- 730094 WordPress Contact Form Unrestricted File-Upload and Remote Code Execution (RCE) Vulnerability
