CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36508 – WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-36508
23 Jun 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1. Neutralización Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ('Inyección SQL') en BestWebSoft Contact Form to DB por BestWebSof... • https://patchstack.com/database/vulnerability/contact-form-to-db/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29096 – WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-29096
17 Apr 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyección SQL') en BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin for WordPres... • https://patchstack.com/database/vulnerability/contact-form-to-db/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-0-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2017-2171
https://notcve.org/view.php?id=CVE-2017-2171
22 May 2017 — Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Post... • http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18492 – Contact Form to DB <= 1.5.6 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18492
12 Apr 2017 — The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. El complemento contact-form-to-db anterior de 1.5.7 para WordPress tiene múltiples problemas XSS. The Contact Form to DB plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/contact-form-to-db/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •