Input validation vulnerability in Integration for Contact Form 7 and Zoho CRM, Bigin 1.2.3

The WordPress plugin Integration for Contact Form 7 and Zoho CRM, Bigin has a SQL injection vulnerability in versions up to 1.2.3. An attacker with administrator-level access can append additional SQL queries to existing ones, which can be used to collect sensitive information from the database. To prevent this vulnerability, make sure all user-supplied parameters are properly escaped and all existing SQL queries are sufficiently prepared.
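
The mitigation described above, as an added example that is not the plugin's code or its actual fix: a concatenated query beside its prepared form using WordPress's $wpdb->prepare(). The table cf7_zoho_log, its columns, the request parameters and the function names are hypothetical, and the code assumes it runs inside WordPress.

```php
<?php
// Added example, not the plugin's code. The table cf7_zoho_log, its columns
// and the request parameters are hypothetical; runs inside WordPress.

// Vulnerable pattern: a request value concatenated into the SQL string.
function example_log_rows_unsafe() {
    global $wpdb;
    $form_id = $_GET['form_id']; // attacker-controlled, never validated
    return $wpdb->get_results(
        "SELECT * FROM {$wpdb->prefix}cf7_zoho_log WHERE form_id = $form_id"
    );
}

// Hardened pattern: typed placeholders for values, esc_like() for LIKE
// wildcards, and an allowlist for the column name in ORDER BY.
function example_log_rows_safe() {
    global $wpdb;

    if ( ! current_user_can( 'manage_options' ) ) {
        return array();
    }

    $form_id = isset( $_GET['form_id'] ) ? absint( $_GET['form_id'] ) : 0;
    $search  = isset( $_GET['search'] )
        ? sanitize_text_field( wp_unslash( $_GET['search'] ) ) : '';
    $orderby = isset( $_GET['orderby'] ) ? sanitize_key( $_GET['orderby'] ) : 'id';

    // A column name cannot be bound as a value, so only fixed names pass.
    if ( ! in_array( $orderby, array( 'id', 'form_id', 'created_at' ), true ) ) {
        $orderby = 'id';
    }

    $sql = $wpdb->prepare(
        "SELECT id, form_id, status, created_at
           FROM {$wpdb->prefix}cf7_zoho_log
          WHERE form_id = %d AND status LIKE %s
          ORDER BY {$orderby} DESC
          LIMIT %d",
        $form_id,
        '%' . $wpdb->esc_like( $search ) . '%',
        50
    );

    return $wpdb->get_results( $sql );
}
```

The capability check does not replace preparing the query: the attacker described in this advisory already holds administrator-level access.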

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21