WordPress plugin Custom Contact Forms critical vulnerability

Description

The Custom Contact Forms plugin for WordPress contains a critical authentication bypass vulnerability that allows unauthenticated remote attackers to access and manipulate the WordPress database. This flaw enables attackers to bypass all authentication mechanisms and perform unauthorized database operations without requiring any administrative credentials or user privileges.

Remediation

Immediately upgrade the Custom Contact Forms plugin to version 5.1.0.4 or later, which addresses this vulnerability. To update:

1. Navigate to the WordPress admin dashboard
2. Go to Plugins > Installed Plugins
3. Locate Custom Contact Forms and click 'Update Now'
4. Verify the plugin version is 5.1.0.4 or higher after update

If immediate patching is not possible, temporarily deactivate the Custom Contact Forms plugin until the update can be applied. After updating, review database access logs for any suspicious activity and consider rotating all user passwords and authentication tokens as a precautionary measure.
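
Step 4 can also be checked from a shell on the web server, which helps when many sites need verifying. The script below is an added example, not code from the advisory or the plugin; it assumes the plugin directory is `wp-content/plugins/custom-contact-forms`, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: check an installed Custom Contact Forms copy against the fix.
FIXED="5.1.0.4"                       # first fixed version, from the advisory
SLUG="custom-contact-forms"           # assumption: plugin directory name

# version_ge A B: succeed when dotted version A >= B. Fields are compared
# numerically, so 5.1.0.10 ranks above 5.1.0.4 and missing fields count as 0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}     # drop suffixes such as "-beta"
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# plugin_version DIR: print the Version header of the plugin's main file,
# found as the top-level .php file that carries a "Plugin Name:" header.
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        head -c 8192 "$f" | grep -q 'Plugin Name:' || continue
        head -c 8192 "$f" |
            sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([^[:space:]]*\).*|\1|p' |
            head -n 1
        return 0
    done
    return 1
}

# check_ccf WP_ROOT: 0 = fixed version, 1 = vulnerable, 2 = plugin not found.
check_ccf() {
    v=$(plugin_version "$1/wp-content/plugins/$SLUG") || return 2
    [ -n "$v" ] || return 2
    if version_ge "$v" "$FIXED"; then
        echo "OK: $SLUG $v is at or above $FIXED"
        return 0
    fi
    echo "VULNERABLE: $SLUG $v is below $FIXED, update or deactivate it"
    return 1
}

# Usage: sh check_ccf.sh /var/www/html   (path is an example)
if [ "$#" -gt 0 ]; then check_ccf "$1"; fi
```

The check reads the version from the plugin file on disk, so it also flags a vulnerable copy that is deactivated but still installed.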
