Bestwebsoft Contact Form To Db vulnerabilities

5 known vulnerabilities affecting bestwebsoft/contact_form_to_db.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-35678HIGHCVSS 8.8fixed in 1.7.32024-06-08
CVE-2024-35678 [HIGH] CWE-89 CVE-2024-35678: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2.
nvd
CVE-2023-29096HIGHCVSS 8.8≤ 1.7.02023-12-20
CVE-2023-29096 [HIGH] CWE-89 CVE-2023-29096: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0.
nvd
CVE-2023-36508CRITICALCVSS 9.8≤ 1.7.12023-10-31
CVE-2023-36508 [CRITICAL] CWE-89 CVE-2023-36508: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.
nvd
CVE-2017-18492MEDIUMCVSS 6.1PoCfixed in 1.5.72019-08-13
CVE-2017-18492 [MEDIUM] CWE-79 CVE-2017-18492: The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.
nvd
CVE-2017-2171MEDIUMCVSS 6.1≤ 1.5.6vprior to version 1.5.72017-05-22
CVE-2017-2171 [MEDIUM] CWE-79 CVE-2017-2171: Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1. Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Do
cvelistv5nvd