Critical WordPress plugin flaw exposes websites to takeover
A critical vulnerability (CVE-2025-7384) in the popular "Database for Contact Form 7, WPforms, Elementor forms" WordPress plugin allows unauthenticated attackers to inject malicious PHP objects through improper deserialization, potentially leading to deletion of critical WordPress configuration files and remote code execution.
**If you use the "Database for Contact Form 7, WPforms, Elementor forms" plugin on any WordPress site, time to update NOW. You can't mitigate this flaw because the plugin is visible on the internet. So don't delay, the update is trivial.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-wordpress-plugin-flaw-exposes-websites-to-takeover-3-f-l-3-w/gD2P6Ple2L
