"5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack"

Researchers at Astra Security found a critical bug for the popular WordPress plugin called Contact Form 7.  The critical bug allows an unauthenticated adversary to take over a website running the plugin or hijack the entire server hosting the website.  The WordPress utility is active on 5 million websites, with most of those sites (70 percent) running version 5.3.1 or older of the Contact Form 7 plugin.  Researchers worked hard with the plugin developer, and a patch has been created recently.  It is suggested everyone update the Contact Form 7 plugin to the new version 5.3.2.  

Threatpost reports: "5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack"