Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin

If you’re using the Custom Contact Forms WordPress plugin, you need to update it right away.

During a routine audit for our WAF, a critical vulnerability was found that allows an attacker to download and modify your database remotely (no authentication required).

The vulnerability was disclosed to the plugin developer a few weeks ago, but the developers were unresponsive, so we engaged the WordPress Security team. They were able to close the loop with the developer and get a patch released; you might have missed it.

Protect yourself

This vulnerability is categorized as Critical. You need to update the Custom Contact Forms plugin to its latest version as soon as possible. If you have a WordPress website and have been infected, please contact us to assist with the issue.

Reference: security issue report from Sucuri Security