The filename sanitization vulnerability exploit is fixed in Contact Form 7 version 7 5.3.2. All versions of Contact Form 7 from 7 5.3.1 and under are considered vulnerable and should be updated ...