CVE-2023-24410

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://patchstack.com/database/vulnerability/fluentform/wordpress-fluentform-plugin-4-3-25-sql-injection-vulnerability?_s_id=cve", "name": "https://patchstack.com/database/vulnerability/fluentform/wordpress-fluentform-plugin-4-3-25-sql-injection-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://patchstack.com/database/vulnerability/fluentform/wordpress-fluentform-plugin-4-3-25-sql-injection-vulnerability?_s_id=cve", "name": "https://patchstack.com/database/vulnerability/fluentform/wordpress-fluentform-plugin-4-3-25-sql-injection-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25.\n\n"}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-24410", "ASSIGNER": "audit@patchstack.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2023-10-31T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:fluentforms:contact_form:*:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.3.25"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-02-19T22:15Z"}