WordPress Hotscot Contact Form SQL Injection Vulnerability

WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.A SQL injection vulnerability exists in WordPress Hotscot Contact Form, which stems from a view submission feature in the plugin that makes a get request using the sub_id parameter, which is not cleaned, escaped or validated before being inserted into the SQL statement, and an attacker can exploit this vulnerability to cause SQL injection.