Search the MergeBase vulnerability database for information on known vulnerabilities in open-source components.
An unrestricted file upload vulnerability has been found in Contact Form 7 5.3.1 and older versions. Utilizing this vulnerability, a form submitter can bypass Contact Form 7’s filename sanitization, and upload a file which can be executed as a script file on the host server.
If you have Contact Form installed and allow any file uploads on any form, it is important to upgrade the plugin immediately. Due to the ubiquity of WordPress sites, you may be hit by drive-by automated attacks in addition to targeted attacks.For detailed analysis see the following article https://blog.wpsec.com/contact-form-7-vulnerability/
Stay on top of the real risk of open source at any time.
Avoid false positives and get sophisticated upgrade guidance based on risk, compatibility, and popularity.More on Continuous Protection
Detect and defend against known-vulnerabilities at runtime. The only SCA to do so.
The quickest way to respond to an imminent threat like log4j with CVE-2021-44228.More on Runtime
MergeBase directly integrates with Github and Bitbucket to provide an early warning system for your in-house developmentProduct Overview