Authenticated Double Query SQL injection (SQLi) vulnerability found by Lenon Leite in WordPress Contact Form Submissions plugin (versions <= 1.6.4).
Solution
2021-01-11 - we could not find a patched version of this plugin (last updated 10 months ago). The plugin is poorly maintained, we recommend deactivating and deleting it at least until a patched version is available.
Found a vulnerability that puts your sites at risk?