cvedb.io
CVE-2023-1615
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2023-06-09T06:15:57.570 · Last modified 2026-06-17T05:28:22.443

Summary

The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affected products

themefic — ultimate_addons_for_contact_form_7

Does this affect you?

Add your gear to cvedb and we'll alert you only when themefic ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.