PT-2019-12401 · Webdorado · Webdorado Contact Form
Name of the Vulnerable Software and Affected Versions: WebDorado Contact Form plugin versions prior to 1.13.5 Description: The issue allows for CSRF via the "wp-admin/admin-ajax.php" API endpoint, specifically through the action parameter, which can lead to local file inclusion via directory...