CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2527 – Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2023-2527
22 May 2023 — The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin The Integration for Contact Form 7 and Zoho CRM, Bigin plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient prepar... • https://wpscan.com/vulnerability/8051142a-4e55-4dc2-9cb1-1b724c67574f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25976 – WordPress Integration for Contact Form 7 and Zoho CRM, Bigin Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25976
22 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions. The Integration for Contact Form 7 and Zoho CRM, Bigin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'settings_page' function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a si... • https://patchstack.com/database/vulnerability/cf7-zoho/wordpress-integration-for-contact-form-7-and-zoho-crm-bigin-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •