Ultimate Addons for Contact Form 7 < 3.1.24 - Subscriber+ SQL Injection

2023-06-0800:00:00

wpscan.com

plugin

sql injection

vulnerability

sanitize

parameter

EPSS

0.002

Percentile

61.1%

JSON

The plugin does not properly sanitize the ‘id’ parameter, leading to a SQL Injection vulnerability.

References

www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-3123-authenticatedsubscriber-sql-injection

EPSS

0.002

Percentile

61.1%

JSON

Related for WPVDB-ID:C0006C2B-5065-43B4-A76B-405A202B2FC6