Vulnerabilites related to BestWebSoft - Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress
CVE-2023-36508 (GCVE-0-2023-36508)
Vulnerability from cvelistv5
Published
2023-10-31 14:23
Modified
2025-02-19 21:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
BestWebSoft | Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress |
Version: n/a < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:57.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/contact-form-to-db/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-1-sql-injection-vulnerability?_s_id=cve" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-36508", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-19T21:12:08.235885Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-19T21:24:38.348Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "contact-form-to-db", "product": "Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress", "vendor": "BestWebSoft", "versions": [ { "changes": [ { "at": "1.7.2", "status": "unaffected" } ], "lessThanOrEqual": "1.7.1", "status": "affected", "version": "n/a", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "LEE SE HYOUNG (Patchstack Alliance)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in BestWebSoft Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.\u003cp\u003eThis issue affects Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress: from n/a through 1.7.1.\u003c/p\u003e" } ], "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in BestWebSoft Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress: from n/a through 1.7.1.\n\n" } ], "impacts": [ { "capecId": "CAPEC-66", "descriptions": [ { "lang": "en", "value": "CAPEC-66 SQL Injection" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T14:23:21.313Z", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/contact-form-to-db/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-1-sql-injection-vulnerability?_s_id=cve" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update to\u0026nbsp;1.7.2 or a higher version." } ], "value": "Update to\u00a01.7.2 or a higher version." } ], "source": { "discovery": "EXTERNAL" }, "title": "WordPress Contact Form to DB by BestWebSoft Plugin \u003c= 1.7.1 is vulnerable to SQL Injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2023-36508", "datePublished": "2023-10-31T14:23:21.313Z", "dateReserved": "2023-06-22T08:38:41.922Z", "dateUpdated": "2025-02-19T21:24:38.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-29096 (GCVE-0-2023-29096)
Vulnerability from cvelistv5
Published
2023-12-20 17:16
Modified
2024-08-02 14:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
BestWebSoft | Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress |
Version: n/a < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/contact-form-to-db/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-0-sql-injection-vulnerability?_s_id=cve" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "contact-form-to-db", "product": "Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress", "vendor": "BestWebSoft", "versions": [ { "changes": [ { "at": "1.7.1", "status": "unaffected" } ], "lessThanOrEqual": "1.7.0", "status": "affected", "version": "n/a", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "easyBug (Patchstack Alliance)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in BestWebSoft Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress.\u003cp\u003eThis issue affects Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress: from n/a through 1.7.0.\u003c/p\u003e" } ], "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in BestWebSoft Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress: from n/a through 1.7.0.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-20T17:16:06.155Z", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/contact-form-to-db/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-0-sql-injection-vulnerability?_s_id=cve" } ], "source": { "discovery": "EXTERNAL" }, "title": "WordPress Contact Form to DB by BestWebSoft Plugin \u003c= 1.7.0 is vulnerable to SQL Injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2023-29096", "datePublished": "2023-12-20T17:16:06.155Z", "dateReserved": "2023-03-31T07:39:14.639Z", "dateUpdated": "2024-08-02T14:00:15.848Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }