CVE-2024-49615 – WordPress SafetyForms plugin <= 1.0.0 - CSRF to SQL Injection vulnerability

https://notcve.org/view.php?id=CVE-2024-49615

18 Oct 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0. The SafetyForms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to inject malicious SQL code into a query via a forged request granted they can trick a site a... • https://patchstack.com/database/vulnerability/safetymails-forms/wordpress-safetyforms-plugin-1-0-0-csrf-to-sql-injection-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •