If you’re a using the Custom Contact Forms WordPress plugin, you need to update it right away.
During a routine audit for our WAF, we found a critical vulnerability that allows an attacker to download and modify your database remotely (no authentication required).
The vulnerability was disclosed to the plugin developer a few weeks ago, they were unresponsive. The developers were unresponsive so we engaged the WordPress Security team. They were able to close the loops with the developer and get a patch released, you might have missed it:
Read more on Sucuri Blog or call us at 403-291-9811