PT-2023-17120 · WordPress · Ultimate Addons For Contact Form 7

Etan Imanol Castro Aldrete · Published 2023-06-09 · Updated 2023-06-16 · CVE-2023-1615

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Ultimate Addons for Contact Form 7 plugin for WordPress, versions up to and including 3.1.23

Description

The issue allows authenticated attackers of any authorization level to perform SQL injection via the id parameter. This enables them to append additional SQL queries to existing ones, potentially extracting sensitive information from the database.

Recommendations

For versions up to and including 3.1.23, update to a version higher than 3.1.23 to resolve the issue. As a temporary workaround, consider restricting access to the id parameter in affected API endpoints until a patch is available.

Fix

Related Identifiers

CVE-2023-1615

Affected Products

Ultimate Addons For Contact Form 7