WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.0 is vulnerable to SQL Injection

CVE-2023-29096

What is CVE-2023-29096?

An SQL Injection vulnerability exists in the BestWebSoft Contact Form to DB plugin for WordPress, specifically in versions up to 1.7.0. This flaw arises from improper neutralization of special elements used in SQL commands, which could allow attackers to manipulate SQL queries executed by the plugin. If exploited, this vulnerability could enable unauthorized access to sensitive database information and compromise the integrity of the application. Website owners using this plugin should prioritize patching or updating their installations to mitigate potential security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References