CVE-2023-35911
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-35911 represents a significant SQL Injection vulnerability in the Creative Solutions Contact Form Generator plugin for WordPress. This issue permits malicious users to manipulate SQL commands, potentially leading to unauthorized data access or modification. The flaw affects versions of Contact Form Generator : Creative form builder for WordPress from the unspecified earlier version up to 2.6.0. By injecting malicious SQL code, attackers can exploit this vulnerability to gain unauthorized access to sensitive information or even take control of the affected WordPress site.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Creative Solutions, Inc.