What is CVE-2020-35489?

CVE-2020-35489 is a vulnerability in N/a. Published 2020-12-17.

Is CVE-2020-35489 known to be exploited?

33 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-35489

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.

EPSS: 0.880 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

dn9uy3n/Check-WP-CVE-2020-35489
reneoliveirajr/wp_CVE-2020-35489_checker
Cappricio-Securities/CVE-2020-35489
X0UCYB3R/Check-WP-CVE-2020-35489
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Aju34807/vulnsight
Cappricio-Securities/CVE-2017-7269
El-Palomo/MR-ROBOT-1
Elsfa7-110/kenzer-templates

References

wordpress.org/plugins/contact-form-7/ (x_refsource_MISC)
www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-uploa… (x_refsource_MISC)
contactform7.com/2020/12/17/contact-form-7-532/ (x_refsource_MISC)
wpscan.com/vulnerability/10508 (x_refsource_MISC)
www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-35489?: CVE-2020-35489 is a vulnerability in N/a. Published 2020-12-17.
Is CVE-2020-35489 known to be exploited?: 33 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.