CVE-2023-36508: WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection
First published: Tue Oct 31 2023(Updated: )
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bestwebsoft Contact Form To Db Wordpress | <=1.7.1 |
Remedy
Update to 1.7.2 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-36508.
What is the title of the vulnerability?
The title of the vulnerability is WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection.
What is the severity level of CVE-2023-36508?
The severity level of CVE-2023-36508 is critical (9.8).
What is the affected software?
The affected software is BestWebSoft Contact Form to DB by BestWebSoft Plugin version 1.7.1 and below.
How does the vulnerability affect the software?
The vulnerability allows SQL injection in the BestWebSoft Contact Form to DB by BestWebSoft Plugin.
- collector/mitre-cve
- agent/weakness
- agent/tags
- agent/event
- agent/references
- agent/title
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/bestwebsoft
- canonical/bestwebsoft contact form to db wordpress
- version/bestwebsoft contact form to db wordpress/1.7.1