The view submission functionality in the Hotscot Contact Form WordPress plugin prior to 1.3 makes a GET request with the sub_id parameter, which is not sanitised, escaped or validated before being inserted into an SQL statement, leading to an SQL injection.
Vulnerable Product |
---|
hotscot contact form |