Last Updated: 24th July, 2022
An extremely serious SQL injection (SQLi) vulnerability has been disclosed in the popular WordPress plugin Advanced Contact Form 7 DB, which currently has more than 40,000+ active installations. Details of the vulnerability were first disclosed on March 26th, and the fixed version 1.6.1 was made live two days prior, on April 10th, 2019.
Even though the fixed version is available, existing users still have reason for concern, because this vulnerability can be exploited by anyone holding even a subscriber-level account.
Risk Status Of The Vulnerability – Advanced Contact Form 7 DB Vulnerabilities
The risk attached to this vulnerability falls into the critical category, since it is readily exploitable by attackers. It can also act as a backdoor, allowing an attacker to inject malicious content into the database and gain access to important and sensitive information.
In short, the following could go very badly:
- Attackers could inject malicious content into the database.
- Attackers could easily leak sensitive information.
- It could also lead to a fully compromised WordPress installation.
The Advanced Contact Form 7 DB plugin developers were quick to release the fixed version. Consequently, WordPress did not remove the plugin from the repository, as it did with the Yuzo Related Posts plugin just two days prior.
Advanced Contact Form 7 DB is still available for new installations. This is what I got when I searched for Advanced Contact Form 7 DB in the WordPress Plugins repository.
Details Of The Vulnerability – Advanced Contact Form 7 DB Vulnerabilities
WordPress provides a facility known as wp-ajax-parse-media-shortcode that lets developers register a short shortcode in place of a long one. Using this, the plugin developers defined the shortcode acf7db in the public/class-advanced-cf7-db-public.php file.
In addition, the plugin developers overlooked another pivotal detail: wpdb::prepare. wpdb::prepare (which prepares a SQL query for safe execution, using sprintf()-like syntax) is used to sanitize SQL queries so that only valid, legitimate ones reach the database. The developers instead called wpdb->get_results() directly on a query built from user input, rather than passing it through wpdb::prepare first, which is certainly not a secure technique for building queries. The vulnerable code is shown in the image below:
The $fid value is therefore inserted into the query unsanitized, so a crafted value can alter the query and cause serious damage. It must be noted, however, that no abuse has yet been reported; this is only a precautionary step to warn users ahead of time.
Required Action
Update the plugin as soon as possible to avert any threat that may be approaching your website. You should then go on to update your themes and reset passwords. Exploitation of this vulnerability could leak sensitive and confidential information to attackers.