Form Maker by WD < 1.12.24 – CSV Injection | CVE 2018-10504

Affects Plugins

form-maker

Fixed in 1.12.24

References

CVE

CVE-2018-10504

URL

https://0day.today/exploit/30274

URL

https://plugins.trac.wordpress.org/changeset/1864243/form-maker

URL

https://plugins.trac.wordpress.org/changeset/1857225/form-maker

Classification

Type

INJECTION

OWASP top 10

A1: Injection

CVSS

4.4 (medium)

Miscellaneous

Submitter

Ryan Dewhurst

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

55eb6edc-2a87-48dc-a39d-02cac6a32955

Timeline

Publicly Published

2018-05-01 (about 6 years ago)

Added

2018-05-01 (about 6 years ago)

Last Updated

2020-07-12 (about 3 years ago)

Other

Published

Title

Published

2023-02-16

Title

WoodMart < 7.1.2 - Unauthenticated Arbitrary Shortcode Injection

Published

2023-10-20

Title

MainWP Dashboard < 4.5.1.3 - Authenticated(Administrator+) CSS Injection

Published

2024-05-14

Title

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection

Published

2023-10-22

Title

wpDiscuz < 7.6.11 - Unauthenticated Content Injection

Published

2020-03-11

Title

Search Meter < 2.13.3 - CSV Injection