Wordfence are reporting that a vulnerability has been identified in the WordPress Plugin – WP Cost Estimation & Payment Forms Builder (source).
The vulnerability was identified in versions prior to 9.660. The article explains that the upload function can be exploited to delete the WordPress config file and then take control of the WordPress installation.
If you are using security plugins such as Wordfence, then they will provide protection from such attacks through the rules they build into their firewall. Additionally, Wordfence will also alert you to when a new version of a plugin is available.
In this instance, the vulnerability has been patched and it is recommended that any plugin users immediately update to the latest version.
At Lens Digital, we install the Wordfence security plugin on all of our clients website. Additionally, we also provide a WordPress maintenance service that ensures your WordPress installation is kept up to date.
Talk to us today about how we can help with you WordPress website.