The popular WordPress plugin, Contact Form 7 was found to be vulnerable to Unrestricted File Upload.
Append a unicode special character (from U+0000 [null] to U+001F [us]) to a filename and upload it via the ContactForm7 upload feature
CPE | Name | Operator | Version |
---|---|---|---|
contact-form-7 | lt | 5.3.2 |