WordPress Plugin Vulnerabilities

rk-responsive-contact-form 1.0 - Authenticated Blind SQL Injection

Description

The rk-responsive-contact-form WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
rk-responsive-contact-form
No known fix

References

CVE
CVE-2017-1002027
URL
http://www.vapidlabs.com/advisory.php?v=198

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
c537d871-4f68-43f0-83db-f1895105c2a8

Timeline

Publicly Published
2017-08-05 (about 8 years ago)
Added
2017-08-16 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-01-22
Title
Product Table by WBW < 2.1.3 - Unuthenticated SQL Injection
Published
2025-08-15
Title
tPlayer <= 1.2.1.6 - Unauthenticated SQL Injection
Published
2021-06-29
Title
Popup box < 2.3.4 - Authenticated Blind SQL Injections
Published
2024-12-05
Title
KiviCare – Clinic & Patient Management System (EHR) < 3.6.5 - Unauthenticated SQL Injection
Published
2016-12-14
Title
Xtreme Locator Dealer Locator Plugin 1.5 – Authenticated SQL Injection