Web-Dorado Contact Form Maker vulnerabilities
4 known vulnerabilities affecting web-dorado/contact_form_maker.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2015-2798 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | v1.0.1 | 2017-07-25
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Source: nvd
CVE-2018-25347 | P3 | HIGH | CVSS 7.1 | CWE-89 | ≤ 1.12.20 | 2026-05-23
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalat
Source: cvelistv5, nvd
CVE-2023-2655 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≤ 1.13.23 | 2024-01-16
The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Source: nvd
CVE-2019-25734 | P4 | MEDIUM | CVSS 4.0 | CWE-22 | v1.13.1 | 2026-06-04
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint with directory traversal sequences in the GET action pa
Source: nvd