CVE-2023-36508: SQL Injection in Contact Form to DB by BestWebSoft Messages Database Plugin for WordPress

CWE-89: SQL Injection | 3 documents | 3 sources
Severity
9.8 CRITICAL (NVD)
EPSS
0.4%
top 36.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 31

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Vulnerability Details (2)
CVEList
WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection (2023-10-31)
GHSA
GHSA-mph8-5cmm-748x: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – (2023-10-31)
CVE-2023-36508 — SQL Injection | cvebase