3 matches found
WordPress Advanced Form Integration 1.82.0 SQL Injection / Cross Site Scripting
WordPress Advanced Form Integration plugin versions 1.82.0 and below suffer from a remote SQL injection vulnerability that can be leveraged for cross site scripting attacks. CVE-2024-2387 Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms =...
CVE-2024-2387
The CVE-2024-2387 entry concerns the WordPress plugin Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms. Affected versions are all up to and including 1.82.0, due to insufficient escaping of the integration_id parameter and inadequate query pr...
WordPress Advanced Form Integration Plugin <= 1.82.0 is vulnerable to SQL Injection
Software Advanced Form Integration Type Plugin Vulnerable versions = 1.82.0 Fixed in 1.82.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2387 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID ddbe2c24ac81 Credits Krzysztof Zając Required privilege...