Description
Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/8220
Exploit, Third Party Advisory x_refsource_misc
http://appcheck-ng.com/remote-command-execution-in-wordpress-form-manager-plugin-cve-2015-7806/
Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/1264145
Scores
CVSS v3
9.8
EPSS
0.0597
EPSS Percentile
92.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
form_manager_project/form_manager
1.7.2
Published
Oct 17, 2017
Tracked Since
Feb 18, 2026