ThreatPress

WordPress Vulnerabilities Database

Back

Contact Form for WordPress – Ultimate Form Builder Lite plugin <=1.3.6 - SQL Injection (SQLi) vulnerability

Product
Ultimate Form Builder Lite
Description
SQL Injection vulnerability found by WordFence Security Team in Contact Form for WordPress – Ultimate Form Builder Lite plugin.
Solution
Update the Contact Form for WordPress – Ultimate Form Builder Lite plugin to the latest available version (at least 1.3.7).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <=1.3.6
Fixed In 1.3.7
Disclosure date
2017-10-24
Credits
WordFence Security Team
Submitter
ThreatPress