WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.3 - Insufficient Input Sanitization Leading To Authenticated SQL Injection (SQLi) vulnerability

Back

Product: Contact Form 7 Database Addon – CFDB7
Description: Insufficient Input Sanitization Leading To Authenticated SQL Injection (SQLi) vulnerability found in WordPress Contact Form 7 Database Addon – CFDB7 plugin (versions <= 1.2.5.3).
Solution: Update the WordPress Contact Form 7 Database Addon – CFDB7 plugin to the latest available version (at least 1.2.5.4)
Classification: Type SQL Injection
OWASP Top 10 A1: Injection
References: Plugin changelog
CVE: Name CVE-N/A
Versions: Affected In <= 1.2.5.3
Fixed In 1.2.5.4
Disclosure date: 2021-01-21

ThreatPress