If you’re a using the Custom Contact Forms WordPress plugin, you need to update it right away.
During a routine audit for our WAF, we found a critical vulnerability that allows an attacker to download and modify your database remotely (no authentication required).
The vulnerability was disclosed to the plugin developer a few weeks ago, they were unresponsive. The developers were unresponsive so we engaged the WordPress Security team.
more here.............http://blog.sucuri.net/2014/08/database-takeover-in-custom-contact-forms.html
During a routine audit for our WAF, we found a critical vulnerability that allows an attacker to download and modify your database remotely (no authentication required).
The vulnerability was disclosed to the plugin developer a few weeks ago, they were unresponsive. The developers were unresponsive so we engaged the WordPress Security team.
more here.............http://blog.sucuri.net/2014/08/database-takeover-in-custom-contact-forms.html