EIP-2026-113641

This exploit demonstrates a SQL injection vulnerability in the WordPress Contact Form plugin <= 2.7.5. The PoC uses a time-based blind SQL injection via the `wpcf_easyform_formid` parameter to execute arbitrary SQL queries.