SQL Injection Vulnerability in cforms2 Plugin for WordPress
CVE-2015-9333

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Cformsii
Vendor: CVE Published:; 22 August 2019

Summary

The cforms2 plugin for WordPress, prior to version 14.6.10, is susceptible to SQL injection attacks. This vulnerability allows attackers to manipulate database queries through crafted inputs, potentially leading to unauthorized access to sensitive information or even complete database control. Website owners using this plugin should update to the latest version to mitigate the risk of exploitation.

References

https://wordpress.org/plugins/cforms2/#developers

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/9773

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2019
Vulnerability Reserved
Aug 21, 2019