ThreatPress

WordPress Vulnerability Database

Back

WordPress Contact Form by Supsystic plugin <= 1.7.5 - SQL injection (SQLi) vulnerability

Product
Contact Form by Supsystic
Description
SQL injection (SQLi) vulnerability found by Erik David Martin in WordPress Contact Form by Supsystic plugin (versions <= 1.7.5).
Solution
Update the WordPress Contact Form by Supsystic plugin to the latest available version (at least 1.7.7).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
Vulnerability details
CVE
Name CVE-N/A
Versions
Affected In <= 1.7.5
Fixed In 1.7.7
Disclosure date
2021-02-08
Credits
Erik David Martin