Is your company's website built on WordPress?

If so, you're certainly not alone. WordPress is, to this day, the simplest way to get a site up and running quickly. It's easy to use, has an intuitive interface and there are thousands of great plugins that extend its capabilities.

Unfortunately, hackers are all too aware of these facts, which sometimes makes the platform and its legion of plugins a tempting target.

Contact Form 7 plugin vulnerable

That's the case with Contact Form 7, one of the most popular WordPress plugins, boasting more than five million active installations. Unfortunately, the team behind the plugin recently disclosed a critical security vulnerability that puts any website using it at risk.

The company moved quickly to address the issue, but in order to make sure your site is protected, you'll need to install the latest version of the plugin. As with most things in the WordPress world, upgrading your plugins is easy to do, and is something that will only take a few minutes of your time. Even so, it's a few minutes you'll absolutely need to spend if you want to ensure that your site is secure.

The vulnerability in question was tracked as CVE-2020-35489 and was classed as an unrestricted file upload vulnerability, which allows hackers to bypass other security measures you may have in place and upload arbitrary code onto any server running the old version of the plugin.

Our perspective

That's about as bad as it gets because hackers can upload absolutely anything from keyloggers and sniffers to code that will copy every sensitive file you've got and then start encrypting data, or worse. All that to say, if you use WordPress, it pays to double-check to see if you're also using Contact Form 7, and if you are, upgrade the plugin right away.


~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can find us on LinkedIn, Facebook, and Twitter.

I am also a published author and speaker in cloud computing, work at home, and cybersecurity. I am working extensively with business and professional associations to provide small business technology education programs. Contact me if you would like me to speak at your association