cleantalk
Vulnerabilities and Security Researches

WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin, CVE-2023-2527

CVE, Research URL

CVE-2023-2527

Home page URL

Security reports for WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin

Application

WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin

Published on
Jun 19, 2023
Research Description
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Affected versions
max 1.2.4.
Status
vulnerable
Previous vulnerability researches
W3SCloud Contact Form 7 to Zoho CRM (CVE-2025-60169) , Oct 11, 2025
W3SCloud Contact Form 7 to Zoho CRM (CVE-2021-24435) , Jun 07, 2024
W3SCloud Contact Form 7 to Zoho CRM (CVE-2022-4974) , Nov 16, 2024
WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin (CVE-2025-49330) , Jun 13, 2026
WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin (56cb8480-1791-4990-8fc7-2cb98a10c207) , Jun 06, 2024
New vulnerability
WP Tools Divi Blog Carousel (CVE-2023-33999) , Jun 14, 2026
WP Mobile Menu – The Mobile-Friendly Responsive Menu (CVE-2023-33999) , Jun 14, 2026
YITH Request a Quote for WooCommerce (CVE-2022-44630) , Jun 14, 2026
Marijuana Age Verify (CVE-2023-33999) , Jun 14, 2026
Advanced Product Sample for WooCommerce (CVE-2023-33999) , Jun 14, 2026