3 matches found
WordPress Plugin Form Maker 1.12.20 - CSV Injection
WordPress Plugin Form Maker 1.12.20 - CSV Injection Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to to Formula Injection CSV Injection Google Dork: N/A Date: 27-04-2018 Exploit Author: Jetty Sairam Software Link: https://wordpress.org/plugins/form-maker/ Affected Version:...
CVE-2018-10504
creationtimestamp| type| source ---|---|--- 2018-04-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44559...
CVE-2018-10504
The CVE-2018-10504 entry concerns the WordPress plugin WebDorado Form Maker by WD, version prior to 1.12.24, which is vulnerable to CSV injection. The root cause is that CSV data exported by the Form Maker form can be crafted to execute commands when opened by a user with sufficient privileges, e...