Description
WordPress Plugin Custom Contact Forms is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to download and modify the database remotely or to upload files containing SQL statements which will be executed; this could lead to total compromise of the website. WordPress Plugin Custom Contact Forms version 5.1.0.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.1.0.4 or latest
References
Related Vulnerabilities
WordPress Plugin Easy Plugin for AdSense Cross-Site Request Forgery (6.06)
WordPress Plugin WP eCommerce Multiple Vulnerabilities (3.9.1)
WordPress Cross-Site Scripting Vulnerability (3.0 - 3.6.1)
WordPress 3.3.1 Multiple Vulnerabilities (2.0 - 3.3.1)
WordPress Plugin AccessPress Social Counter Cross-Site Scripting (1.3.6)