Security vulnerability in Webforms Pro extension that allows upload of PHP code into js/webforms/upload/files directory.
WebForms Pro Security Update If you have WebForms version installed older than 2.7.6 please take action! It has been recently discovered that WebForms extension can cause vulnerability on certain system configurations with Magento 1 platform installed. If your server is running Apache 2.4, Nginx or PHP 7 you are strongly advised to download WebForms 2.7.7 update from your account area My Downloadable Products section. The update contains new file upload scan to block possible script files from being uploaded to the server. If you have a customized version of WebForms or performing the update is problematic, please remove the following directory: /js/webforms/upload It is a safe operation as it doesn’t affect any major functionality. This folder is present in current version of WebForms but will be removed in future updates. If you have forms with file upload fields please limit allowed file extensions.