CVE-2019-17072

The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.

Published : 2019-10-10 12:10 Updated : 2019-10-10 19:14

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Awplife Contact Form Widget 1.0.9 cpe:/a:awplife:contact_form_widget:1.0.9::~~~wordpress~~
  1. Awplife (1) Search CVE
    1. Contact Form Widget (1) Search CVE
      1. 1.0.9

CWE

ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes

Date Event
2019-10-10 19:14

New CVE