CVE-2023-35911

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 6, 2023
Updated: Nov 10, 2023
CWE ID 89

Summary

CVE-2023-35911 represents a significant SQL Injection vulnerability in the Creative Solutions Contact Form Generator plugin for WordPress. This issue permits malicious users to manipulate SQL commands, potentially leading to unauthorized data access or modification. The flaw affects versions of Contact Form Generator : Creative form builder for WordPress from the unspecified earlier version up to 2.6.0. By injecting malicious SQL code, attackers can exploit this vulnerability to gain unauthorized access to sensitive information or even take control of the affected WordPress site.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share