Sucuri, an online firm that offers website scanning, monitoring, and malware removal services, has recently found a serious security vulnerability in the Custom Contact Forms plugin. This plugin enables users to create customizable contact form on their WordPress websites and has a record of over 600,000 downloads. Therefore, the impact is pretty huge over the internet. The good news is that this vulnerability has been patched. If you run your WordPress website with this plugin, please update the plugin to 126.96.36.199 version ASAP.
What Exactly is the Problem?
The bug allows attackers to take control of the affected website without setting accounts beforehand. You can read the details about this security bug by visiting the Sucuri blog article.
Once again, update the plugin ASAP. In fact, you should always keep your WordPress version and all plugins up-to-date in order to keep your sites secured.