VULHUB ™

The WordPress custom-contact-forms plugin less than or equal to 5.1.0.3 allows unauthenticated users to download a SQL dump of the plugins database tables. Its also possible to upload files containing SQL statements which will be executed. The module first tries to extract the WordPress table prefix from the dump and then attempts to create a new admin user.

The WordPress custom-contact-forms plugin less than or equal to 5.1.0.3 allows unauthenticated users to download a SQL dump of the plugins database tables. Its also possible to upload files containing SQL statements which will be executed. The module first tries to extract the WordPress table prefix from the dump and then attempts to create a new admin user.