CVE

CVE-2024-47331 – Multi Step for Contact Form

Published: 2024-10-11

Title: WordPress Multi Step for Contact Form plugin <= 2.7.7 – Unauthenticated SQL Injection vulnerability

Description

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection. This issue affects Multi Step for Contact Form: from n/a through 2.7.7.

CWE

CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CVSS

Score: 9.3
Severity: CRITICAL
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Vendor: n/a

Product: Multi Step for Contact Form

Vulnerable Versions: n/a through 2.7.7

Proof of Concept:

REDACTED

Vulnerability found by: DFEND Security Researcher

References:

https://patchstack.com/database/vulnerability/cf7-multi-step/wordpress-multi-step-for-contact-form-plugin-2-7-7-unauthenticated-sql-injection-vulnerability?_s_id=cve