CVE-2024-1776

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Feb 23, 2024

Summary

CVE-2024-1776 is a SQL injection vulnerability in the Contact Form 7 plugin for WordPress. It affects all versions up to and including 1.1.1 and allows authenticated attackers with administrator-level access to inject SQL via the 'form-id' parameter. The issue stems from insufficient escaping of the user-supplied parameter and a lack of preparation of the existing SQL query. An attacker who exploits it can extract sensitive information from the database of a WordPress site that uses the Contact Form 7 plugin.
