Title: vulnerability workaround
Last modified: December 28, 2020

---

# vulnerability workaround

 *  [canetwp](https://wordpress.org/support/users/canetwp/)
 * (@canetwp)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/vulnerability-workaround/)
 * Hi, in case of inability to update the plugin, is the vulnerability effective
   only when the file upload field is present in the form, or is the risk still 
   present even if the shortcode [file] is not used?
 * thank you

Viewing 1 replies (of 1 total)

 *  [Yordan Soares](https://wordpress.org/support/users/yordansoares/)
 * (@yordansoares)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/vulnerability-workaround/#post-13870459)
 * Hello [@canetwp](https://wordpress.org/support/users/canetwp/),
 * That’s right, this vulnerability only affects forms that use file upload fields.
   If you don’t have a file field in your forms, you have nothing to worry about.
 * On the other hand, Contact Form 7 does not store files in the directory, but 
   deletes them immediately after sending. So, in practice it’s not possible for
   a script to be executed because it’s sent and deleted immediately afterwards.
 * However, you can modify the `includes/formatting.php` file adding the [new change](https://github.com/takayukister/contact-form-7/commit/2e45060ff0b4610e9665d996bc91f725ff5fc381)
   manually, if you want to be sure.
 * Best regards,
    Yordan.

Viewing 1 replies (of 1 total)

The topic ‘vulnerability workaround’ is closed to new replies.

 * ![](https://ps.w.org/contact-form-7/assets/icon.svg?rev=2339255)
 * [Contact Form 7](https://wordpress.org/plugins/contact-form-7/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/contact-form-7/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/contact-form-7/)
 * [Active Topics](https://wordpress.org/support/plugin/contact-form-7/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/contact-form-7/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/contact-form-7/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Yordan Soares](https://wordpress.org/support/users/yordansoares/)
 * Last activity: [5 years, 5 months ago](https://wordpress.org/support/topic/vulnerability-workaround/#post-13870459)
 * Status: not resolved