CVE-2023-24410: WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection
First published: Tue Oct 31 2023(Updated: )
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fluent Forms | <=4.3.25 |
Remedy
Update to 5.0.0 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-24410.
What is the severity of CVE-2023-24410?
CVE-2023-24410 has a severity level of critical.
Which version of WordPress FluentForm Plugin is affected?
The vulnerability affects WordPress FluentForm Plugin versions up to and including 4.3.25.
What is the CWE ID associated with this vulnerability?
The CWE ID associated with CVE-2023-24410 is CWE-89.
Is there a patch available for this vulnerability?
Yes, a patch is available for this vulnerability. Please refer to the reference link for more information.
- collector/mitre-cve
- agent/type
- agent/event
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/tags
- vendor/fluentforms
- canonical/fluent forms
- version/fluent forms/4.3.25