grave vulnerabilità = severe security issue

"We inform you that a severe vulnerability has emerged in the WordPress plugin Contact Form 7, which our automated management systems have detected as installed on one or more of your sites."
In fact, this plugin with 5 million installs, Contact Form 7, came with a security issue that leaves your site an easy target for hackers:
5.3.2 fixed this aspect, but are we sure that a hacker has not already placed a file somewhere in our system, if the contact form (not in my case) was allowed to upload attachments?

"Removes control, separator, and other types of special characters from filename to fix the unrestricted file upload vulnerability issue."
So I would just like to recall a statement from the old brute-force topic:
Hint for cool people: do not overload WordPress by activating multiple unneeded features, thinking that this will make you more secure. If the code of the plugins you use, the server configuration, and the CMS are secure, maybe (maybe not) you do not need too much to expect to stay secure, except the above. This is how it has been on this online example since forever.
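
For the question raised above about files that may already sit on the server, here is an added example (not code from the plugin or from the original post): a Python script that walks an uploads directory and flags filenames containing the character classes named in the 5.3.2 note, plus script extensions anywhere in the name. The default path `wp-content/uploads` and the extension list are assumptions to adapt to your installation.

```python
import os
import sys
import unicodedata

# Assumption: extensions your web server might execute; adjust to your stack.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".php7"}


def name_findings(filename):
    """Return the reasons (possibly none) why a filename deserves manual review."""
    findings = []
    for ch in filename:
        category = unicodedata.category(ch)
        if category.startswith("C"):      # control, format, unassigned, ...
            findings.append(f"control/format character U+{ord(ch):04X}")
        elif category.startswith("Z"):    # space, line and paragraph separators
            findings.append(f"separator character U+{ord(ch):04X}")
    # Compare every dot-separated part, after dropping the characters above,
    # so an extension is seen even when it is not the last one in the name.
    cleaned = "".join(c for c in filename
                      if unicodedata.category(c)[0] not in "CZ")
    for part in sorted(set(cleaned.lower().split(".")[1:])):
        if "." + part in SCRIPT_EXTENSIONS:
            findings.append(f"script extension .{part}")
    return findings


def audit_tree(root):
    """Walk root and return {relative_path: [findings]} for flagged files."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            findings = name_findings(name)
            if findings:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                flagged[rel] = findings
    return flagged


if __name__ == "__main__":
    # Assumed default location of WordPress uploads, relative to the site root.
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/uploads"
    for path, findings in sorted(audit_tree(root).items()):
        print(f"{path!r}: {'; '.join(findings)}")
```

Names with plain spaces will also be reported, so expect some noise; the output is a list for manual review, not proof of compromise.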