WordPress is still an extremely attractive target for malicious hackers. One of the ways they can gain access to WordPress sites is to examine third-party WordPress plugins, looking for security vulnerabilities. Plugins aren’t subject to any kind of approval or auditing process; anyone can develop and publish them.

Many of the most famous WordPress hacks were actually hacks of plugins, not the WordPress core software. The TimThumb graphics library is a good example.

Now there’s news that the popular Custom Contacts Form plugin is vulnerable, and sites using unpatched versions leave them exposed to complete takeover by nefarious persons.

Anyone who runs a WordPress site that uses Custom Contacts Form should immediately update the plugin to version 5.1.0.4 or higher.