CVE-2023-35910
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Nov 4, 2023
Updated: Nov 9, 2023
CWE ID 89
Summary
CVE-2023-35910 is a new SQL injection vulnerability that affects the Quasar form free – Contact Form Builder plugin for WordPress. The flaw, which allows for the injection of malicious SQL commands, can be exploited to gain unauthorized access to sensitive data or even take control of the affected site. This issue impacts all versions of Quasar form free – Contact Form Builder for WordPress, from the earliest releases through 6.0. To mitigate the risk, it is recommended that users upgrade to the latest, secure version of the plugin as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share