jQuery File Upload Plugin - RCE (CVE-2014-8739)

CVE-2014-8739 is a critical unrestricted file upload vulnerability in the jQuery File Upload Plugin 6.4.4, as used in Creative Contact Form for WordPress and Joomla!. This flaw allows remote attackers to upload and execute arbitrary PHP code by simply uploading a malicious file, leading to full system compromise. The vulnerability has been actively exploited in the wild, enabling attackers to gain unauthorized access and control over affected servers.

CrowdSec has been tracking this vulnerability and its exploits since 24th of September 2025.

CrowdSec network data shows that most actors exploiting CVE-2014-8739 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. CrowdSec data also reveals a clear uptick in attacks involving CVE-2014-8739 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Attackers exploit the file upload functionality at /wp-content/plugins/sexy-contact-form/includes/fileupload/index.php to upload malicious PHP files, which are then accessed directly via the /wp-content/plugins/sexy-contact-form/includes/fileupload/files/ directory to achieve remote code execution.