Advanced Contact form 7 DB <= 1.6.0 - Authenticated SQL Injection

Affects Plugin

fixed in version 1.6.1

References

URL https://blog.sucuri.net/2019/04/sql-injection-in-advance-contact-form-7-db.html
URL https://plugins.trac.wordpress.org/changeset/2066512/advanced-cf7-db

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Sucuri
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 8293
Verified No
WPVDB ID 9255

Timeline

Publicly Published 2019-04-11
Added 2019-04-11
Last Updated 2019-07-26
