Visible to the public "5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack"Conflict Detection Enabled

Researchers at Astra Security found a critical bug for the popular WordPress plugin called Contact Form 7. The critical bug allows an unauthenticated adversary to take over a website running the plugin or hijack the entire server hosting the website. The WordPress utility is active on 5 million websites, with most of those sites (70 percent) running version 5.3.1 or older of the Contact Form 7 plugin. Researchers worked hard with the plugin developer, and a patch has been created recently. It is suggested everyone update the Contact Form 7 plugin to the new version 5.3.2.

Threatpost reports: "5M WordPress Sites Running 'Contact Form 7' Plugin Open to Attack"