Neven Biruski

6 exploits Active since May 2026
CVE-2018-25347 EXPLOITDB HIGH text WORKING POC
WordPress Contact Form Maker Plugin 1.12.20 SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges.
CVSS 7.1
CVE-2018-25346 EXPLOITDB HIGH text WORKING POC
WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with malicious SQL payloads in the name and search_labels parameters to extract or modify data, or to escalate privileges, within the WordPress database.
CVSS 7.1
EIP-2026-114125 EXPLOITDB text WRITEUP
WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting
EIP-2026-114184 EXPLOITDB text WRITEUP
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection
EIP-2026-113710 EXPLOITDB text WRITEUP
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
EIP-2026-113815 EXPLOITDB text WRITEUP
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection