27 matches found
CVE-2018-25347
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...
CVE-2018-25347
The vulnerability affects WordPress WordPress Contact Form Maker Plugin 1.12.20. It exposes SQL injection in the FormMakerSQLMapping and generete_csv_fmc AJAX actions, allowing an authenticated attacker to manipulate database queries via the name and search_labels parameters to potentially extrac...
EUVD-2018-21871
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...
CVE-2018-25347 WordPress Contact Form Maker Plugin 1.12.20 SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...
CVE-2018-25347
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...
CVE-2018-25347 WordPress Contact Form Maker Plugin 1.12.20 SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...
WordPress plugin Contact Form Maker SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2015-2886
Malware in sbrugna...
WordPress Contact Form Maker Plugin < 1.13.5 CSRF Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
WordPress Plugin Contact Form Maker Cross-Site Request Forgery Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Contact Form Maker. An attacker can perform a CSRF...
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery
Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description ----------- Plugin implements the followi...
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested o...
WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery
Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description ----------- Plugin implements the followi...
WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Author: Neven Biruski Software: WordPress Contact Form Maker plugin Software link: https://wordpress.org/plugins/contact-form-maker/ Version: 1.12.20 and below The easiest way ...
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Date: 2018-06-07 Author: Neven Biruski Software: WordPress Contact Form Maker plugin Software link: https://wordpress.org/plugins/contact-form-maker/ Version: 1.12.20 and...
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection
Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Date: 2018-06-07 Author: Neven Biruski Software: WordPress Contact Form Maker plugin Software link: https://wordpress.org/plugins/contact-form-maker/ Version: 1.12.20 and below The easiest way to reproduce the SQL injection...
WordPress Contact Form Maker 1.12.20 XSS / CSRF / SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities Advisory ID: DC-2018-05-004 Advisory Title: WordPress Contact Form Maker Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Contact...
Sql injection
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2015-2798
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2015-2798
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...