CVE-2023-30495

HIGH

Ultimate Addons for Contact Form 7 < 3.1.23 - SQL Injection

Title source: llm
STIX 2.1

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23.

Scores

CVSS v3 8.5
EPSS 0.0063
EPSS Percentile 45.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Details

CWE
CWE-89
Status published
Products (2)
Themefic/Ultimate Addons for Contact Form 7 < 3.1.23
themefic/ultimate_addons_for_contact_form_7 < 3.1.24
Published Dec 20, 2023
Tracked Since Feb 18, 2026