Contact Form Submissions <= 1.6.4 - Authenticated Double Query SQL injection

2021-01-03T00:00:00
ID WPVDB-ID:0C3A91D4-A75A-4107-BFC5-015590A72ABE
Type wpvulndb
Reporter Lenon Leite
Modified 2021-01-03T16:04:28

Description

The plugin is affected by a double query SQL injection, which could allow high-privileged users to access data from the DBMS.

Edit (WPScanTeam):
October 26th, 2020 - Confirmed & Escalated to WP
October 27th, 2020 - WP Investigating
January 3rd, 2021 - No updates, disclosing

PoC

The PoC will be displayed once the issue has been remediated