WordPress plugin Contact Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2025-1028 Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload

The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...

CVE-2025-1028

CVE-2025-1028 concerns the WordPress Contact Manager plugin (versions ≤ 8.6.4). Root cause: missing file type validation in the contact form upload feature enables unauthenticated arbitrary file uploads. Impact: on affected sites, arbitrary files can be uploaded to the server; in certain configur...

WordPress Contact Manager plugin <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload vulnerability

Unauthenticated Arbitrary Double File Extension Upload vulnerability discovered by Keshav verma in WordPress Plugin Contact Manager versions = 8.6.4...