Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin
If you’re using the Custom Contact Forms WordPress plugin, you need to update it right away.
During a routine audit for our WAF, a critical vulnerability was found that allows an attacker to download and modify your database remotely (no authentication required).
The vulnerability was disclosed to the plugin developer a few weeks ago, but they were unresponsive, so we engaged the WordPress Security team. They were able to close the loop with the developer and get a patch released; you might have missed it.
This vulnerability is categorized as Critical. You need to update Custom Contact Forms to its latest version as soon as possible. If you have a WordPress website and have been infected, please contact us to assist with the issue.
Reference of security issue from Sucuri Security