RSS   Vulnerabilities for 'Wp form builder'   RSS

2019-04-26
 
CVE-2019-11557

CWE-352
 

 
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.

 

 >>> Vendor: Web-dorado 14 Products
Photo gallery
Web-dorado spider video player
Spider facebook
Spider calendar
Ecommerce wd
Spider catalog
Spider event calendar
Event calendar wd
Contact form maker
Gallery wd
Form maker
Wp form builder
Backup-wd
Spidercatalog


Copyright 2024, cxsecurity.com

 

Back to Top