WordPress Contact Form by WD Plugin <= 1.13.23 is vulnerable to SQL Injection

Software Contact Form by WD Type Plugin Vulnerable versions = 1.13.23 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2655 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 8755d4a80b13 Credits killr00t Required privilege Administrator...

WordPress Contact Form by WD plugin <= 1.13.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Panagiotis Vagenas in WordPress Contact Form by WD plugin versions = 1.13.4. Solution Update the WordPress Contact Form by WD plugin to the latest available version at least 1.13.5...

Form Maker by 10Web < 1.13.5 - Cross-Site Request Forgery (CSRF) to LFI

Form Maker by WD plugin suffers from a CSRF issue that could lead to an LFI attack...

CVE-2018-10301

CVE-2018-10301 : Cross-site scripting in the WordPress plugin WD Instagram Feed Premium (Web-Dorado) for WordPress. The vulnerability exists before version 1.3.1 and allows remote attackers to inject arbitrary script/HTML by submitting payloads in comments on an Instagram post. Impact is XSS in p...

WordPress FAQ WD Plugin Cross-Site Scripting

A cross-site scripting vulnerability exists in WordPress FAQ WD Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

WordPress FAQ WD Plugin <= 1.0.14 - Cross Site Scripting

This WordPress plugin is prone to a cross-site scripting XSS vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution Update the plugin...