WordPress Plugin Vulnerabilities

Advanced Contact form 7 DB <= 1.6.0 - Authenticated SQL Injection

Description

The Advanced Contact form 7 DB WordPress plugin was affected by an Authenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
advanced-cf7-db
Fixed in 1.6.1

References

URL
https://blog.sucuri.net/2019/04/sql-injection-in-advance-contact-form-7-db.html
URL
https://plugins.trac.wordpress.org/changeset/2066512/advanced-cf7-db

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher
Sucuri
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d6b93879-0a0b-41c1-93b0-70856025ca0d

Timeline

Publicly Published
2019-04-11 (about 7 years ago)
Added
2019-04-11 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-10-14
Title
onOffice for WP-Websites < 6.10 - Authenticated (Editor+) SQL Injection
Published
2023-10-03
Title
Advanced Page Visit Counter < 8.0.1 - Contributor+ SQLi
Published
2025-05-19
Title
AutomatorWP < 5.2.2 - Authenticated (Administrator+) SQL Injection
Published
2025-04-09
Title
Click & Pledge Connect Plugin < 2.24120000-WP6.7.1-WP6.6.1 - Unauthenticated SQL Injection
Published
2025-01-07
Title
Multiple Carousel <= 2.0 - Unauthenticated SQL Injection