WordPress website owners using the Quasar Form plugin: An alarming high-severity SQL Injection vulnerability has been detected, posing significant risks to the website’s security and potentially exposing sensitive information to malicious actors.

The security flaw was discovered and responsibly reported by Emili Castells, underscoring the importance of collaborative efforts in ensuring a secure WordPress environment.

The vulnerability exists in the Quasar Form Plugin, where attackers could exploit the flaw to directly interact with your website’s database, potentially leading to data theft and unauthorized access to sensitive information.


This SQL Injection vulnerability is classified as high severity, with a CVSS 3.1 score of 8.5, signifying its significant impact on the website’s security and the potential for data breaches.

Affected Versions:

As of June 21, 2023, the Quasar Form plugin has been closed, and no patched version is available for download. The temporary closure is pending a full review, highlighting the seriousness of the vulnerability.


If exploited, malicious actors could directly interact with the website’s database, potentially accessing and stealing sensitive information. This includes but is not limited to user data, login credentials, and other confidential details.


Given the high severity of this vulnerability and the unavailability of a patched version or access to the plugin, immediate action is critical to protect the WordPress website:

  1. Remove Quasar Form Plugin: As a top priority, remove the Quasar Form plugin from the website to mitigate the risk of exploitation. Prevent any potential vulnerabilities from being exploited during the review period.
  2. Seek Alternatives: Look for alternative plugins that provide similar functionality to Quasar Form while ensuring they have a strong security track record and regular updates.
  3. Backup and Secure Data: Perform a comprehensive backup of the website’s data to ensure a recent copy in case of any security incidents. Implement additional security measures to safeguard sensitive information.
  4. Stay Informed: Continuously monitor official updates and announcements regarding the Quasar Form plugin to stay informed about any potential fixes or reopening.
  5. Consider Security Assistance: Consult with WordPress security experts or developers to assess the potential impact on your website and implement additional security measures if necessary.