WordPress plugin Custom Contact Forms critical vulnerability

Description
  • Marc-Alexandre Montpas reported a security issue in the popular WordPress plugin Custom Contact Forms that would allow a user with no administrative privileges to download and modify your database remotely (no authentication required).
Remediation
  • Upgrade to the latest version of Custom Contact Forms (this problem was fixed in version 5.1.0.4).
References