CVE-2023-30495

HIGH

8.5

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23.

CVE Details

CVSS v3.1 Score8.5

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published12/20/2023

Last Modified4/28/2026

Sourcenvd

Honeypot Sightings0

Affected Products

themefic:ultimate_addons_for_contact_form_7

Weaknesses (CWE)

CWE-89

References

https://patchstack.com/database/vulnerability/ultimate-addons-for-contact-form-7/wordpress-ultimate-addons-for-contact-form-7-plugin-3-1-23-sql-injection-vulnerability?_s_id=cve(audit@patchstack.com)

https://patchstack.com/database/vulnerability/ultimate-addons-for-contact-form-7/wordpress-ultimate-addons-for-contact-form-7-plugin-3-1-23-sql-injection-vulnerability?_s_id=cve(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.