Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
- EPSS 0.89%
- Veröffentlicht 04.06.2026 13:22:40
- Zuletzt bearbeitet 04.06.2026 15:00:40
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicio...
7.1
CVE-2018-25347
- EPSS 0.21%
- Veröffentlicht 23.05.2026 18:30:48
- Zuletzt bearbeitet 26.05.2026 19:37:32
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL...
7.2
CVE-2023-2655
- EPSS 0.93%
- Veröffentlicht 16.01.2024 16:15:10
- Zuletzt bearbeitet 02.06.2025 16:15:24
The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
1