Lucene search
PRIOn knowledge basePRION:CVE-2023-1615HistoryJun 09, 2023 - 6:15 a.m.
Sql injection
2023-06-0906:15:00
PRIOn knowledge base
www.prio-n.com
8
wordpress
sql injection
vulnerability
ultimate addons
contact form 7
nvd
The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ultimate_addons_for_contact_form_7 | le | 3.1.23 |
References
plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/database/database.php?rev=2897709
plugins.trac.wordpress.org/changeset/2901676/
wordpress.org/plugins/ultimate-addons-for-contact-form-7/
www.wordfence.com/threat-intel/vulnerabilities/id/817ca119-ddaf-4525-beee-68c4e0aac544?source=cve
Related
cvelist
cvelist
CVE-2023-1615
2023-06-09 05:33:22
cve
cve
CVE-2023-1615
2023-06-09 06:15:57
wpvulndb
wpvulndb
Ultimate Addons for Contact Form 7 3.1.23 - Subscriber+ SQLi
2023-06-08 00:00:00
Ultimate Addons for Contact Form 7 < 3.1.24 - Subscriber+ SQL Injection
2023-06-08 00:00:00
nvd
nvd
CVE-2023-1615
2023-06-09 06:15:57
wordfence
wordfence