Vulnerabilities > CVE-2024-25928 - Unspecified vulnerability in Sitepact Contact Form 7 Extension for Klaviyo

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sitepact

critical

NVD

Published: 2024-02-23

Updated: 2025-02-25

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5.

Vulnerable Configurations

Part	Description	Count
Application	Sitepact Sitepact Contact Form 7 Extension FOR Klaviyo - Sitepact Contact Form 7 Extension FOR Klaviyo 1.0.0 Sitepact Contact Form 7 Extension FOR Klaviyo 1.0.2 Sitepact Contact Form 7 Extension FOR Klaviyo 1.0.3 Sitepact Contact Form 7 Extension FOR Klaviyo 1.0.4 Sitepact Contact Form 7 Extension FOR Klaviyo 1.0.5 Sitepact Contact Form 7 Extension FOR Klaviyo 1.0.45	7

References

https://patchstack.com/database/vulnerability/sitepact-klaviyo-contact-form-7/wordpress-sitepact-s-contact-form-7-extension-for-klaviyo-plugin-1-0-5-reflected-xss-via-sql-injection-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/sitepact-klaviyo-contact-form-7/wordpress-sitepact-s-contact-form-7-extension-for-klaviyo-plugin-1-0-5-reflected-xss-via-sql-injection-vulnerability?_s_id=cve