Filtered by vendor Web-dorado
Filtered by product Contact Form Maker
Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25734 | 1 Web-dorado | 1 Contact Form Maker | 2026-06-04 | 4 Medium |
| Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint with directory traversal sequences in the GET action parameter to load files via CSRF, bypassing authentication on vulnerable AJAX actions. | ||||
| CVE-2018-25347 | 2 Web-dorado, Wordpress | 2 Contact Form Maker, Wordpress | 2026-05-26 | 7.1 High |
| WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges. | ||||
| CVE-2023-2655 | 1 Web-dorado | 1 Contact Form Maker | 2025-06-02 | 7.2 High |
| The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. | ||||
| CVE-2015-2798 | 1 Web-dorado | 1 Contact Form Maker | 2025-04-20 | N/A |
| SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||