WordPress Plugin Vulnerabilities

Contact Form to DB by BestWebSoft < 1.7.2 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.

Affects Plugins

Plugin icon
contact-form-to-db
Fixed in 1.7.2

References

CVE
CVE-2023-36508

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher
LEE SE HYOUNG
Verified
No
WPVDB ID
69d6bcd7-58c5-4948-a6d9-177c4c9a96b1

Timeline

Publicly Published
2023-10-31 (about 2 years ago)
Added
2023-10-31 (about 2 years ago)
Last Updated
2023-10-31 (about 2 years ago)

Other

Published
Title
Published
2024-12-13
Title
WP Job Portal < 2.2.3 - Authenticated (Admin+) SQL Injection
Published
2014-08-01
Title
Mingle Forum <= 1.0.31 - SQL Injection
Published
2025-10-02
Title
Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection
Published
2015-07-08
Title
Pretty Link Lite <= 1.6.7 - Authenticated SQL Injection
Published
2024-11-10
Title
JSP Store Locator <= 1.0 - Contributor+ SQL Injection