Contact Form Entries < 1.3.1 – SQL Injection | CVE 2023-31212

Affects Plugins

Fixed in 1.3.1

References

CVE

CVE-2023-31212

URL

https://patchstack.com/database/vulnerability/contact-form-entries/wordpress-contact-form-entries-plugin-1-3-0-auth-sql-injection-sqli-vulnerability

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

No

WPVDB ID

0b461d66-ee23-4582-acef-76b6181bf295

Timeline

Publicly Published

2023-05-22 (about 2 years ago)

Added

2023-11-03 (about 2 years ago)

Last Updated

2023-11-03 (about 2 years ago)

Other

Published

Title

Published

2022-12-05

Title

Contest Gallery < 19.1.5 - Author+ SQL Injection

Published

2024-09-23

Title

WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Authenticated (Subscriber+) SQL Injection

Published

2025-06-23

Title

Simple Link Directory < 14.8.1 - Authenticated (Subscriber+) SQL Injection

Published

2022-11-08

Title

Form Vibes < 1.4.6 - Admin+ SQLi

Published

2025-02-24

Title

FS Poster < 6.5.9 - Subscriber+ SQL Injection