ThreatPress

WordPress Vulnerability Database

WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.3 - Insufficient Input Sanitization Leading To Authenticated SQL Injection (SQLi) vulnerability

Product
Contact Form 7 Database Addon – CFDB7
Description
An authenticated SQL injection (SQLi) vulnerability caused by insufficient input sanitization was found in the WordPress Contact Form 7 Database Addon – CFDB7 plugin (versions <= 1.2.5.3).
Solution
Update the WordPress Contact Form 7 Database Addon – CFDB7 plugin to the latest available version (at least 1.2.5.4).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 1.2.5.3
Fixed In 1.2.5.4
Disclosure date
2021-01-21