← volver
CVE-2023-32741

WordPress Contact Form to Any API Plugin <= 1.1.2 is vulnerable to SQL Injection

CVSS 7.6 HIGHEPSS 0.6%CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Productos afectados
IT Path Solutions PVT LTD · Contact Form to Any API

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/175654/WordPress-Contact-Form-To-Any-API-1.1.2-SQL-Injection.htmlhttps://patchstack.com/database/vulnerability/contact-form-to-any-api/wordpress-contact-form-to-any-api-plugin-1-1-2-sql-injection-vulnerability?_s_id=cve