Contact Form 7 is a WordPress plugin for managing multiple website contact forms. On December 16th, researchers at Astra Security discovered a critical vulnerability, tracked as CVE-2020-35489, that could allow an attacker to bypass the plugin's file name sanitization checks and upload files of any type. By crafting a file name with two file extensions separated by a special character such as a tab, an attacker could trick the plugin into accepting the file while discarding all characters after the first extension. Abusing this could lead to PHP scripts being uploaded and executed.
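A check of the kind that catches such names, written here as an added example and not taken from the plugin or its patch: it rejects special characters outright and inspects every dot-separated segment instead of trusting only the last extension. The `ALLOWED` and `EXECUTABLE` lists, the function names and the sample file names are assumptions constructed for illustration.

```python
import unicodedata

# Assumed policy for this example, not the plugin's own lists.
ALLOWED = {"jpg", "jpeg", "png", "gif", "pdf"}
EXECUTABLE = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}


def is_special(ch):
    """Control, format and separator characters, except an ordinary space."""
    return ch != " " and unicodedata.category(ch)[0] in ("C", "Z")


def rejection_reasons(name):
    """Return the reasons a client-supplied upload name should be refused."""
    reasons = []
    special = sorted({c for c in name if is_special(c)})
    if special:
        codes = ", ".join(f"U+{ord(c):04X}" for c in special)
        reasons.append(f"special character(s) in name: {codes}")
    # Look at each segment as it would read once special characters are
    # dropped, so an extension cannot hide behind a tab or a zero-width char.
    segments = [
        "".join(c for c in seg if not is_special(c)).strip().lower()
        for seg in name.split(".")
    ]
    extensions = segments[1:]
    for ext in extensions:
        if ext in EXECUTABLE:
            reasons.append(f"executable extension anywhere in name: .{ext}")
    if not extensions or extensions[-1] not in ALLOWED:
        reasons.append("final extension not on the allow list")
    return reasons


# Constructed sample names, as they might appear in an upload request.
SAMPLES = ["photo.jpg", "holiday photo.png", "invoice.php\t.png",
           "invoice.php.png", "README"]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = rejection_reasons(sample)
        print(repr(sample), "->", verdict if verdict else "accepted")
```

Running the same function over the names already present in an uploads directory or in web server logs gives a quick audit for files that slipped through before the plugin was updated.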