CVE-2023-32741 WordPress Contact Form to Any API Plugin <= 1.1.2 is vulnerable to SQL Injection

2023-11-0323:04:23

CWE-89

Patchstack

www.cve.org

cve-2023-32741

wordpress

contact form to any api

sql injection

it path solutions pvt ltd

EPSS

0.001

Percentile

19.3%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "contact-form-to-any-api",
    "product": "Contact Form to Any API",
    "vendor": "IT Path Solutions PVT LTD",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]