Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitMinh TuanWPEX-ID:8591B3C9-B041-4FF5-B8D9-6F9F81041178
HistoryJan 03, 2021 - 12:00 a.m.

Contact Form Submissions <= 1.6.4 - Authenticated SQL Injection

2021-01-0300:00:00
Minh Tuan
629
JSON

The wpcf7_contact_form GET parameter is vulnerable to SQL injection when submitting a filter request as a high privilege user (admin+) Edit (WPScanTeam) September 28th, 2020 - Escalated to WP & WP Investigating October 26th, 2020 - Received another submission related a SQL injection in the same parameter but with a different vector: https://wpscan.com/vulnerability/0c3a91d4-a75a-4107-bfc5-015590a72abe January 3rd, 2021 - No updates, disclosing

The PoC will be displayed once the issue has been remediated

Related

prion 1
wpvulndb 1
cve 1
cvelist 1
patchstack 1
prion
prion
Sql injection
2021-03-18 15:15:00
wpvulndb
wpvulndb
Contact Form Submissions <= 1.6.4 - Authenticated SQL Injection
2021-01-03 00:00:00
cve
cve
CVE-2021-24125
2021-03-18 15:15:00
cvelist
cvelist
CVE-2021-24125 Contact Form Submissions < 1.7.1 - Authenticated SQL Injection
2021-03-18 14:57:48
patchstack
patchstack
WordPress Contact Form Submissions plugin <= 1.7 - Authenticated SQL Injection (SQLi) vulnerability
2021-01-03 00:00:00
JSON
Related for WPEX-ID:8591B3C9-B041-4FF5-B8D9-6F9F81041178
prion1wpvulndb1cve1cvelist1patchstack1