Regarding File Upload security vulnerability and Not having file upload field

Viewing 1 replies (of 1 total)

  • Hello @peakwebsites,

    That’s right. This issue only affects forms that use file upload fields. If you don’t have a file field in your forms, you have nothing to worry about.

    On the other hand, Contact Form 7 does not store files in the directory, but deletes them immediately after sending. So, in practice it’s not possible for a script to be executed because it’s sent and deleted immediately afterwards.

    However, you can modify the includes/formatting.php file adding the new change manually, if you want to be sure.

    Best regards,
    Yordan.

Viewing 1 replies (of 1 total)
  • The topic ‘Regarding File Upload security vulnerability and Not having file upload field’ is closed to new replies.