jQuery File Upload Plugin - RCE (CVE-2014-8739)

CVE-2014-8739 is a critical unrestricted file upload vulnerability in the jQuery File Upload Plugin 6.4.4, as used in Creative Contact Form for WordPress and Joomla!. This flaw allows remote attackers to upload and execute arbitrary PHP code by simply uploading a malicious file, leading to full system compromise. The vulnerability has been actively exploited in the wild, enabling attackers to gain unauthorized access and control over affected servers.

CrowdSec has been tracking this vulnerability and its exploits since 24th of September 2025.

CrowdSec network data shows that most actors exploiting CVE-2014-8739 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Data from the CrowdSec community also indicates a gradual decrease in attacks targeting CVE-2014-8739. While still present in the wild, exploitation levels have dropped noticeably week-over-week. This may signal that the vulnerability is becoming less relevant or that defenses are improving fast enough for attackers to lose interest.

Attackers exploit the file upload functionality at /wp-content/plugins/sexy-contact-form/includes/fileupload/index.php to upload malicious PHP files, which are then accessed directly via the /wp-content/plugins/sexy-contact-form/includes/fileupload/files/ directory to achieve remote code execution.