FluentForm < 5.0.0 – SQL Injection | CVE 2023-24410

Affects Plugins

fluentform

Fixed in 5.0.0

References

CVE

CVE-2023-24410

URL

https://patchstack.com/database/vulnerability/fluentform/wordpress-fluentform-plugin-4-3-25-sql-injection-vulnerability

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

4.1 (medium)

Miscellaneous

Original Researcher

Ravi Dharmawan

Verified

No

WPVDB ID

6e87badd-eccb-4c1d-9662-21ae5f76097a

Timeline

Publicly Published

2023-07-12 (about 2 years ago)

Added

2023-11-03 (about 2 years ago)

Last Updated

2023-11-03 (about 2 years ago)

Other

Published

Title

Published

2015-12-11

Title

Link Log < 2.1 - SQL Injection

Published

2023-12-28

Title

Page Generator < 1.7.2 - Authenticated(Administrator+) SQL Injection

Published

2025-04-16

Title

Cost Calculator Builder < 3.2.68 - Unauthenticated SQL Injection

Published

2022-02-28

Title

Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection

Published

2025-04-09

Title

Duplicate Title Checker <= 1.2 - Authenticated (Subscriber+) SQL Injection