The Country State City Dropdown CF7 WordPress plugin (versions up to 2.7.2) is vulnerable to SQL injection via the 'cnt' and 'sid' parameters. Because the user-supplied values are insufficiently escaped and the SQL query is not prepared, unauthenticated attackers can append queries to the existing one, potentially extracting sensitive database information.
CVE-2024-3495-POC
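The flaw class described above, shown as a concatenated query next to its prepared form. This is an added example, not the plugin's own code: the `demo_*` function names, the `demo_state` table, its columns and the `demo_states` AJAX action are hypothetical, and it assumes 'cnt' and 'sid' are meant to carry numeric ids.

```php
<?php
// Added example. Handler, table and action names are hypothetical;
// only the 'cnt' and 'sid' parameter names come from the advisory text.

// Vulnerable pattern: the request value becomes part of the SQL text.
// WordPress slashes $_POST, but that does not help in an unquoted
// numeric context, so anything after the number is parsed as SQL.
function demo_states_unsafe() {
    global $wpdb;
    $cnt = $_POST['cnt']; // no type check, no prepare()
    $sql = "SELECT id, name FROM {$wpdb->prefix}demo_state WHERE country_id = $cnt";
    wp_send_json( $wpdb->get_results( $sql ) );
}

// Accept a parameter only if it is a plain run of digits.
function demo_request_id( $key ) {
    if ( ! isset( $_POST[ $key ] ) || ! is_scalar( $_POST[ $key ] ) ) {
        return 0;
    }
    $raw = (string) wp_unslash( $_POST[ $key ] );
    return ctype_digit( $raw ) ? absint( $raw ) : 0;
}

// Hardened pattern: validate first, then bind with $wpdb->prepare()
// so the values can never change the structure of the statement.
function demo_states_safe() {
    global $wpdb;
    $cnt = demo_request_id( 'cnt' );
    $sid = demo_request_id( 'sid' ); // optional filter in this sketch
    if ( 0 === $cnt ) {
        wp_send_json_error( 'invalid cnt', 400 );
    }
    $sql = $wpdb->prepare(
        "SELECT id, name FROM {$wpdb->prefix}demo_state
         WHERE country_id = %d AND ( %d = 0 OR id = %d )",
        $cnt,
        $sid,
        $sid
    );
    wp_send_json_success( $wpdb->get_results( $sql ) );
}

// The nopriv hook is what exposes a handler to unauthenticated
// visitors, so those handlers deserve the strictest input handling.
add_action( 'wp_ajax_nopriv_demo_states', 'demo_states_safe' );
add_action( 'wp_ajax_demo_states', 'demo_states_safe' );
```

When reviewing a plugin for this class of bug, search for `$wpdb->get_results`, `get_row` and `query` calls whose SQL string interpolates request data without passing through `$wpdb->prepare()`.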