Wow, so the news from the WordPress forums on Reddit is that the popular plugin called ‘Contact Form 7’ had a decent vulnerability and it’s pretty critical to update your plugins.

I for one am VERY glad that WordPress now natively supports automatic plugin and theme updates. This is one key reason that I generally insist that all plugins and themes go through the WordPress Repository. There are a lot of safety checks and other processes that can escalate the automatic updating for a particular package if the danger is seen as extreme. In my opinion nearly any plugin with 5 million installs should receive the utmost security. I’m not criticizing, I’m just glad that we have sharp people that are good at what they do. And I’m glad that security fixes are always being discovered to make us more safe.

The entire WordPress galaxy consists of about 415m websites. I don’t have a place to quote where I got that statistic. I try my best to always log important stats like that so that I can refer to the original post in the future. It’s important to relay that I’m just repeating the analysis of entire companies and products that are designed to calculate stuff like this.

I’m just amazed that only 5m websites use ‘Contact Form 7’. That is a tiny percent of the entire universe.

The scary part of this news is that I have NEVER built a website that does NOT use Contact Form 7. Not once, not ever. Time to go review my websites.

Aaron Kempf, CEO of the meglaverse

5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack from WordPress