CVE-2023-32741

WordPress Contact Form to Any API Plugin <= 1.1.2 is vulnerable to SQL Injection

CVSS 7.6 HIGHEPSS 0.6%CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Affected products

IT Path Solutions PVT LTD · Contact Form to Any API

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/175654/WordPress-Contact-Form-To-Any-API-1.1.2-SQL-Injection.html https://patchstack.com/database/vulnerability/contact-form-to-any-api/wordpress-contact-form-to-any-api-plugin-1-1-2-sql-injection-vulnerability?_s_id=cve