{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-32741","assignerOrgId":"21595511-bba5-4825-b968-b78d1f9984a3","state":"PUBLISHED","assignerShortName":"Patchstack","dateReserved":"2023-05-12T15:25:58.284Z","datePublished":"2023-11-03T23:04:23.323Z","dateUpdated":"2025-02-13T16:55:02.206Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://wordpress.org/plugins","defaultStatus":"unaffected","packageName":"contact-form-to-any-api","product":"Contact Form to Any API","vendor":"IT Path Solutions PVT LTD","versions":[{"changes":[{"at":"1.1.3","status":"unaffected"}],"lessThanOrEqual":"1.1.2","status":"affected","version":"n/a","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Arvandy (Patchstack Alliance)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.<p>This issue affects Contact Form to Any API: from n/a through 1.1.2.</p>"}],"value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2."}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"21595511-bba5-4825-b968-b78d1f9984a3","shortName":"Patchstack","dateUpdated":"2023-11-14T03:07:27.290Z"},"references":[{"tags":["vdb-entry"],"url":"https://patchstack.com/database/vulnerability/contact-form-to-any-api/wordpress-contact-form-to-any-api-plugin-1-1-2-sql-injection-vulnerability?_s_id=cve"},{"url":"http://packetstormsecurity.com/files/175654/WordPress-Contact-Form-To-Any-API-1.1.2-SQL-Injection.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update to&nbsp;1.1.3 or a higher version."}],"value":"Update to 1.1.3 or a higher version."}],"source":{"discovery":"EXTERNAL"},"title":"WordPress Contact Form to Any API Plugin <= 1.1.2 is vulnerable to SQL Injection","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T15:25:37.047Z"},"title":"CVE Program Container","references":[{"tags":["vdb-entry","x_transferred"],"url":"https://patchstack.com/database/vulnerability/contact-form-to-any-api/wordpress-contact-form-to-any-api-plugin-1-1-2-sql-injection-vulnerability?_s_id=cve"},{"url":"http://packetstormsecurity.com/files/175654/WordPress-Contact-Form-To-Any-API-1.1.2-SQL-Injection.html","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-05T18:48:43.988440Z","id":"CVE-2023-32741","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-12T19:33:16.967Z"}}]}}