11 matches found
CVE-2018-25352
WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...
WordPress Ultimate Form Builder Lite Plugin Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress Ultimate Form Builder Lite plugin allows attackers to construct URLs th...
Ultimate Form Builder Lite <= 1.3.7 - Multiple Vulnerabilities
Authenticated XSS & SQL Injection...
WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body:...
WordPress Ultimate Form Builder Lite 1.3.7 XSS / SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities XSS and SQLi Advisory ID: DC-2018-05-009 Advisory Title: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities XSS and SQLi Advisory URL:...
WordPress Plugin Ultimate Form Builder Lite 1.3.7 - SQL Injection
WordPress Plugin Ultimate Form Builder Lite 1.3.7 - SQL Injection Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body:...
WordPress Plugin Ultimate Form Builder Lite < 1.3.7 - SQL Injection
Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body: entryid=ExploitCodeHere&wpnonce=xxx&action=ufblgetentrydetailaction Disclosure Timeline 2018/06/01 Vulnerabilities...
WordPress Ultimate Form Builder Lite Plugin < 1.3.7 SQLi Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:accesspressthemes:ultimate-form-builder-lite"; if descriptio...
CVE-2017-15919
The CVE-2017-15919 affects the WordPress plugin Ultimate Form Builder Lite (prior to 1.3.7). The vulnerability is a SQL Injection in wp-admin/admin-ajax.php that can lead to PHP Object Injection. Public notes describe remote exploitation with possibly arbitrary code execution; CVSS data shows hig...
VulnCheck KEV: CVE-2017-15919
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...
Contact Form for WordPress – Ultimate Form Builder Lite plugin <= 1.3.2 - Authenticated Cross-Site Scripting (XSS)
Contact Form for WordPress – Ultimate Form Builder Lite 1.3.2 WordPress plugin and earlier its versions suffers from Authenticated Cross-Site Scripting XSS vulnerability. Patched version 1.3.3 already available. Solution Update plugin to the latest available version at least 1.3.3...