CVE-2021-24777

CVE-2021-24777: Hotscot Contact Form < 1.3 - Admin+ SQL Injection

Vendor Unknown

Product Hotscot Contact Form

Weakness CWE-89 · SQLi

Published March 7, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection.

Key dates

02Disclosure timeline

March 7, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24777

Related vulnerabilities

04Related CVE

CVE-2025-4715 Campcodes Sales and Inventory System view_application.php sql injection CVE-2024-2620 Fujian Kelixin Communication Command and Dispatch Platform down_file.php sql injection CVE-2025-31547 WordPress Uptime Robot Plugin for WordPress plugin <= 2.3 - SQL Injection vulnerability CVE-2024-12895 TreasureHuntGame TreasureHunt checkflag.php console_log sql injection CVE-2025-8914 WellChoose｜Organization Portal System - SQL Injection