CVE-2018-25347
EUVD-2018-2187123.05.2026, 19:16
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges.
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| web-dorado | contact_form_maker | 𝑥 ≤ 1.12.20 | CNA |