CVE-2023-29096: SQL Injection in Contact Form to DB by BestWebSoft Messages Database Plugin for WordPress

CWE-89: SQL Injection | 3 documents | 3 sources
Severity: 8.8 HIGH (NVD); CNA: 8.5
EPSS: 0.1% (top 64.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 20

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress. This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

🔴 Vulnerability Details (2)

GHSA, 2023-12-20
GHSA-87g3-q4pf-fc8f: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft –

CVEList, 2023-12-20
WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.0 is vulnerable to SQL Injection
CVE-2023-29096 — SQL Injection | cvebase