diff --git a/CVE/CVE-2020-35489.lua b/CVE/CVE-2020-35489.lua
new file mode 100644
index 0000000..6a229c7
--- /dev/null
+++ b/CVE/CVE-2020-35489.lua
@@ -0,0 +1,75 @@
+--AUTHOR: Mohamed Tarek @0xr00t3d
+--reference: https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/
+
+SCAN_TYPE = 2
+BODY_MATCH = {
+ "Contact Form 7",
+ "== Changelog =="
+}
+
+local function get_version(body) -- get contact form version
+ local version = Matcher:extract("(?m)Stable tag: ([0-9.]+)", body)[1]
+ if version then return version end
+end
+
+local function cmp_version(version1, version2)
+ local function split(str, sep)
+ local parts = {}
+ for part in str:gmatch("([^" .. sep .. "]+)") do
+ table.insert(parts, part)
+ end
+ return parts
+ end
+
+ local parts1 = split(version1, '.')
+ local parts2 = split(version2, '.')
+
+ for i = 1, math.max(#parts1, #parts2) do
+ local num1 = tonumber(parts1[i]) or 0
+ local num2 = tonumber(parts2[i]) or 0
+
+ if num1 < num2 then
+ return -1 -- version1 is less than version2
+ elseif num1 > num2 then
+ return 1 -- version1 is greater than version2
+ end
+ end
+
+ return 0 -- version1 is equal to version2
+end
+
+local function scan_report(resp)
+ Reports:add {
+ name = "[CVE-2020-35489] WordPress Contact Form 7 - Unrestricted File Upload",
+ url = resp.url,
+ risk = "Critical",
+ description =
+ [[WordPress Contact Form 7 before 5.3.2 allows unrestricted file upload and remote code execution because a filename may contain special characters.]]
+ }
+end
+
+local function scan(path)
+ local url = HttpMessage:urljoin(path)
+ local status, resp = pcall(function()
+ return http:send({ url = url })
+ end)
+
+ local body = resp.body
+
+ if status ~= true then return end
+ if resp.status ~= 200 then return end
+
+ local plugin_version = get_version(body)
+ local safe_version = "5.3.2"
+
+ if
+ Matcher:match_body(body, BODY_MATCH)
+ and cmp_version(plugin_version, safe_version) == -1
+ then
+ scan_report(resp)
+ end
+end
+
+function main()
+ scan("/wp-content/plugins/contact-form-7/readme.txt")
+end
diff --git a/README.md b/README.md
index aa4e242..538bdfb 100644
--- a/README.md
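Review bot: In `scan`, `local body = resp.body` runs before the `status ~= true` guard, so when `pcall` fails `resp` holds the error value rather than a response and indexing it can raise instead of the function returning quietly; move `local body = resp.body` below the two `return end` checks. `get_version` yields nil when the readme has no `Stable tag:` line, and `cmp_version(nil, safe_version)` then errors inside `split` on `str:gmatch`, aborting the scan on a page that matches BODY_MATCH but carries no version; add `if not plugin_version then return end` after the `get_version` call. A smaller point: `split` interpolates `sep` into a character class unescaped, which is fine for `'.'` but would break for pattern-magic separators, so it deserves a comment or a `%`-escape if the helper is ever reused. The version is read from the plugin's readme.txt stable tag, which can lag the installed code, so the Critical report is an indicator rather than a confirmed finding — worth saying in a comment above `scan_report`.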
+++ b/README.md
@@ -18,6 +18,7 @@ We're developing scripts for famous CVEs, like CVE-2014-2321, CVE-2019-11248, CV
 | CVE-2014-2321.lua | :heavy_check_mark: Finished |
 | CVE-2019-11248.lua | :heavy_check_mark: Finished |
 | CVE-2020-11450.lua | :heavy_check_mark: Finished |
+| CVE-2020-35489 Wordpress | :heavy_check_mark: Finished |
 | CVE-2022-0378.lua | :heavy_check_mark: Finished |
 | CVE-2022-0381.lua | :heavy_check_mark: Finished |
 | CVE-2022-1234.lua | :hourglass_flowing_sand: In progress |