CVE-2023-30495 HIGH

CVE-2023-30495: WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection

Vendor Themefic
Product Ultimate Addons for Contact Form 7
Weakness CWE-89 · SQLi
Published December 20, 2023
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23.

Key dates

02Disclosure timeline

December 20, 2023 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-7717 WP Events Manager <= 2.1.11 - Authenticated (Subscriber+) Time-Based SQL Injection CVE-2025-6847 code-projects Simple Forum forum_edit.php sql injection CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values CVE-2026-24993 WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.3 - SQL Injection vulnerability CVE-2026-33714 Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)