WordPress Contact Form by Supsystic plugin <= 1.7.5 - SQL injection (SQLi) vulnerability

Back

Product: Contact Form by Supsystic
Description: SQL injection (SQLi) vulnerability found by Erik David Martin in WordPress Contact Form by Supsystic plugin (versions <= 1.7.5).
Solution: Update the WordPress Contact Form by Supsystic plugin to the latest available version (at least 1.7.7).
Classification: Type SQL Injection
OWASP Top 10 A1: Injection
References: Plugin changelog
Vulnerability details
CVE: Name CVE-N/A
Versions: Affected In <= 1.7.5
Fixed In 1.7.7
Disclosure date: 2021-02-08
Credits: Erik David Martin

ThreatPress