Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-11557: WDContactFormBuilder

The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST[‘action’] value and the $_GET[‘action’] value, and the latter is unsanitized.

CVE
#csrf#web#wordpress#php
  • Details
  • Reviews
  • Development

Create responsive FREE contact forms with multiple templates and themes.

Quick way to build a form without taking rocket science classes.

I have absolutely no complaints. It’s taken me a bit to find my way around, but the program is working like a well-oiled engine.

Does the work, is configurable, works fine!

I’ve had the form on my website since launching it and it’s been very helpful for us to collate and collect information.

thanks a lot for free use in this configuration. It works and good for individual Forms.

easy to use. simple and efficient.

Read all 186 reviews

“WDContactFormBuilder” is open source software. The following people have contributed to this plugin.

Contributors

  • webdorado

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907