WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection
CVE-2023-31212

9.8CRITICAL

What is CVE-2023-31212?

An SQL Injection vulnerability exists in the CRM Perks Database plugin for WordPress, affecting its integration with Contact Form 7, WPforms, and Elementor forms. This security flaw allows attackers to manipulate SQL commands through improperly sanitized input, potentially leading to unauthorized data access and manipulation. Users are advised to ensure their installations are updated to secure versions to mitigate this risk.

Affected Version(s)

Database for Contact Form 7, WPforms, Elementor forms <= 1.3.0

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
.
The Cyber Security Vulnerability Database.