CVE-2020-35489

Context

This vulnerability comes from a plugin named Contact Form 7 that is used on WordPress. The contact-form-7 (Contact Form 7) plugin in versions before 5.3.2 for WordPress allows an attacker to upload a malicious file, which leads to remote code execution on the server, because the plugin does not properly sanitize special characters in uploaded file names.

To verify the version in use, check the plugin version declared in the readme at the path /wp-content/plugins/contact-form-7/readme.txt.

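The version check described above, as an added example that is not part of the original advisory: it reads the "Stable tag:" line of a plugin readme.txt (the constructed SAMPLE_README below is not a real capture) and reports whether the declared version is older than the 5.3.2 fix. The fetch_readme helper, the site URL parameter and the verdict strings are assumptions of this example.

```python
import re
from urllib.request import urlopen

FIXED_VERSION = (5, 3, 2)  # first Contact Form 7 release that fixes CVE-2020-35489
README_PATH = "/wp-content/plugins/contact-form-7/readme.txt"

# Constructed sample of a plugin readme.txt header (not captured from a real site).
SAMPLE_README = """=== Contact Form 7 ===
Contributors: takayukister
Tags: contact, form
Requires at least: 5.3
Stable tag: 5.3.1
License: GPLv2 or later
"""

def parse_version(text: str):
    """Return the version tuple from the 'Stable tag:' line, or None if absent or non-numeric (e.g. 'trunk')."""
    m = re.search(r"^Stable tag:\s*([0-9][0-9.]*)\s*$", text, re.MULTILINE | re.IGNORECASE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).strip(".").split("."))

def is_vulnerable(version) -> bool:
    """True when the installed version is older than the fixed release."""
    padded = version + (0,) * (3 - len(version))  # treat '5.3' as 5.3.0
    return padded < FIXED_VERSION

def assess_readme(text: str) -> str:
    """Map readme contents to a verdict: 'vulnerable', 'patched' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"

def fetch_readme(site: str, timeout: float = 10.0) -> str:
    """Fetch the plugin readme from a WordPress site you administer; returns '' if unreachable."""
    try:
        with urlopen(site.rstrip("/") + README_PATH, timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except OSError:
        return ""

if __name__ == "__main__":
    # The sample declares 5.3.1, so the verdict is "vulnerable".
    print(assess_readme(SAMPLE_README))
```

Run it against your own site with assess_readme(fetch_readme("https://example.invalid")); an "unknown" verdict means the readme was unreachable or carries no numeric stable tag, so confirm the version from the WordPress admin panel instead.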

Consequences

Cyber-terms

Direct impact on the confidentiality, integrity, availability and traceability of the assets stored on the server. As exploitation of the vulnerability requires no authentication to the platform or the server, its impact is critical.


Managerial terms

Exploitation of the vulnerability leads to direct financial losses, both by impacting the availability of business assets and through the post-incident investigation by security experts that is then needed to confirm the network has not been compromised.


Remediation

To remediate this vulnerability, upgrade the Contact Form 7 plugin from the WordPress administration panel. If that is not possible, consider shutting down the WordPress instance.