A vulnerability was discovered in the Magento module WebForms Pro 2.
We’ve added a security filter to deny PHP files to be executed from within the upload directory of the module WebForms Pro 2.
All requests looking like /js/webforms/upload/*.php will be denied.
All users of the module WebForms Pro 2 should immediately update to the latest version (fix is included as of 2.7.7).
Update (release-3152): We’ve updated the filter to deny following requests /js/webforms/upload/files/*.php instead.
We recommend to update this module as soon as possible!