| Max CVSS | 7.5 | Min CVSS | 6.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-11590 | 6.8 |
The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value a
|
24-08-2020 - 17:37 | 29-04-2019 - 14:29 | |
| CVE-2018-10504 | 6.8 |
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.
|
24-08-2020 - 17:37 | 27-04-2018 - 16:29 | |
| CVE-2019-10866 | 7.5 |
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
|
03-08-2019 - 21:15 | 23-05-2019 - 19:29 |