ThreatPress

WordPress Vulnerability Database

WordPress Contact Form Submissions plugin <= 1.6.4 - Authenticated SQL Injection (SQLi) vulnerability

Product
Contact Form Submissions
Description
An authenticated SQL injection (SQLi) vulnerability was found by Minh Tuan and Nguyen Anh Tien in the WordPress Contact Form Submissions plugin (versions <= 1.6.4).
Solution
2021-01-11 - We could not find a patched version of this plugin (last updated 10 months ago). The plugin is poorly maintained; we recommend deactivating and deleting it, at least until a patched version is available.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Plugin changelog
CVE
Name: CVE-N/A
Versions
Affected In: <= 1.6.4
Disclosure date
2021-01-03
Credits
Sun* R&D Lab