Vulnerability Details CVE-2021-24777
The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.5%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2021-24777
-
cpe:2.3:a:hotscot:contact_form:-
-
cpe:2.3:a:hotscot:contact_form:1.0
-
cpe:2.3:a:hotscot:contact_form:1.1
-
cpe:2.3:a:hotscot:contact_form:1.2