Headline
CVE-2019-11557: WDContactFormBuilder
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST[‘action’] value and the $_GET[‘action’] value, and the latter is unsanitized.
- Details
- Reviews
- Development
Create responsive FREE contact forms with multiple templates and themes.
Quick way to build a form without taking rocket science classes.
I have absolutely no complaints. It’s taken me a bit to find my way around, but the program is working like a well-oiled engine.
Does the work, is configurable, works fine!
I’ve had the form on my website since launching it and it’s been very helpful for us to collate and collect information.
thanks a lot for free use in this configuration. It works and good for individual Forms.
easy to use. simple and efficient.
Read all 186 reviews
“WDContactFormBuilder” is open source software. The following people have contributed to this plugin.
Contributors
- webdorado