Lucene search
K

11 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.10 views

CVE-2018-25352

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

WordPress Ultimate Form Builder Lite Plugin Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress Ultimate Form Builder Lite plugin allows attackers to construct URLs th...

6.1AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2018/06/15 12:0 a.m.6 views

Ultimate Form Builder Lite <= 1.3.7 - Multiple Vulnerabilities

Authenticated XSS & SQL Injection...

2.2AI score
Exploits0References2Affected Software1
0day.today
0day.today
added 2018/06/13 12:0 a.m.24 views

WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection Vulnerability

Exploit for php platform in category web applications Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/06/12 12:0 a.m.44 views

WordPress Ultimate Form Builder Lite 1.3.7 XSS / SQL Injection

DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities XSS and SQLi Advisory ID: DC-2018-05-009 Advisory Title: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities XSS and SQLi Advisory URL:...

Exploits0
exploitpack
exploitpack
added 2018/06/12 12:0 a.m.16 views

WordPress Plugin Ultimate Form Builder Lite 1.3.7 - SQL Injection

WordPress Plugin Ultimate Form Builder Lite 1.3.7 - SQL Injection Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body:...

8.6AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/12 12:0 a.m.41 views

WordPress Plugin Ultimate Form Builder Lite &lt; 1.3.7 - SQL Injection

Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body: entryid=ExploitCodeHere&wpnonce=xxx&action=ufblgetentrydetailaction Disclosure Timeline 2018/06/01 Vulnerabilities...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2017/11/03 12:0 a.m.29 views

WordPress Ultimate Form Builder Lite Plugin < 1.3.7 SQLi Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:accesspressthemes:ultimate-form-builder-lite"; if descriptio...

9.8CVSS9.7AI score0.02482EPSS
Exploits0References3
CVE
CVE
added 2017/10/26 6:0 p.m.77 views

CVE-2017-15919

The CVE-2017-15919 affects the WordPress plugin Ultimate Form Builder Lite (prior to 1.3.7). The vulnerability is a SQL Injection in wp-admin/admin-ajax.php that can lead to PHP Object Injection. Public notes describe remote exploitation with possibly arbitrary code execution; CVSS data shows hig...

9.8CVSS9.8AI score0.02482EPSS
Exploits0References4Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2017/10/23 12:0 a.m.8 views

VulnCheck KEV: CVE-2017-15919

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

9.8CVSS7.4AI score0.02482EPSS
Exploits0References1
Patchstack
Patchstack
added 2017/04/20 12:0 a.m.10 views

Contact Form for WordPress – Ultimate Form Builder Lite plugin <= 1.3.2 - Authenticated Cross-Site Scripting (XSS)

Contact Form for WordPress – Ultimate Form Builder Lite 1.3.2 WordPress plugin and earlier its versions suffers from Authenticated Cross-Site Scripting XSS vulnerability. Patched version 1.3.3 already available. Solution Update plugin to the latest available version at least 1.3.3...

2.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder