Description
Marc-Alexandre Montpas reported a security issue in the popular WordPress plugin Custom Contact Forms that allows a remote user with no administrative privileges to download and modify the site's database (no authentication required).
Remediation
Upgrade to the latest version of Custom Contact Forms (this problem was fixed in version 5.1.0.4).