SQL Injection in Advanced Contact Form 7 DB

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40,000+ users of the Advanced Contact Form 7 DB WordPress plugin.

Current State of the Vulnerability

This plugin saves all Contact Form 7 submissions to the database using a friendly interface. Although the bug has been fixed in the 1.6.1 release, sites that have not updated can be exploited by an attacker who has (at minimum) a subscriber account.

Via Sucuri.net