jQuery File Upload Plugin - RCE (CVE-2014-8739)

CVE-2014-8739 is a critical unrestricted file upload vulnerability in the jQuery File Upload Plugin 6.4.4, as used in Creative Contact Form for WordPress and Joomla!. This flaw allows remote attackers to upload and execute arbitrary PHP code by simply uploading a malicious file, leading to full system compromise. The vulnerability has been actively exploited in the wild, enabling attackers to gain unauthorized access and control over affected servers.

CrowdSec has been tracking this vulnerability and its exploits since 24th of September 2025.

CrowdSec network data shows that most actors exploiting CVE-2014-8739 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Telemetry from the CrowdSec network also shows that exploitation activity for CVE-2014-8739 remains steady week-over-week. Attack volumes are consistent with long-term trends, indicating sustained interest from threat actors. CVE-2014-8739 continues to be an active part of the threat landscape and will likely remain this way for the forseeable future.

Attackers exploit the file upload functionality at /wp-content/plugins/sexy-contact-form/includes/fileupload/index.php to upload malicious PHP files, which are then accessed directly via the /wp-content/plugins/sexy-contact-form/includes/fileupload/files/ directory to achieve remote code execution.