Killr00T

**Name of the Vulnerable Software and Affected Versions** The Contact Form by WD WordPress plugin versions 1.13.23 and earlier **Description** The issue is related to a SQL injection problem. It occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins. **Recommendations** For versions 1.13.23 and earlier, update to a version later than 1.13.23 to resolve the issue. As a temporary workaround, consider restricting access to high privilege users until a patch is available.