
CVE-2019-11591: Contact Form by WD – responsive drag & drop contact form builder tool

The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
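The parameter-source discrepancy described above, shown from the defensive side as an added example (it is not the plugin's code and not a reproduction of the 1.13.5 fix): the handler refuses requests whose GET and POST `action` values disagree, matches the value against an allowlist, and confirms the resolved path stays inside the views directory. The page names, `resolve_page()` and the directory layout are hypothetical.

```php
<?php
// Added example. Page names and directory layout are hypothetical.
// In WordPress, a nonce check such as check_ajax_referer() would run before
// this to address the CSRF half of the issue; it is omitted here so the
// block runs under plain PHP.

const ALLOWED_PAGES = ['manage_forms', 'submissions', 'settings'];

/**
 * Resolve the file to include for a request, or return null to reject it.
 * $get and $post stand in for $_GET and $_POST.
 */
function resolve_page(array $get, array $post, string $viewsDir): ?string
{
    $fromPost = $post['action'] ?? null;
    $fromGet  = $get['action'] ?? null;

    // The dispatcher and the handler must never see different values for
    // the same parameter, so a mismatch is rejected outright.
    if (is_string($fromPost) && is_string($fromGet) && $fromPost !== $fromGet) {
        return null;
    }
    $action = $fromPost ?? $fromGet;
    if (!is_string($action) || !in_array($action, ALLOWED_PAGES, true)) {
        return null; // allowlist: traversal strings never match
    }

    // Defence in depth: the resolved path must stay inside the views directory.
    $base = realpath($viewsDir);
    $path = realpath($viewsDir . DIRECTORY_SEPARATOR . $action . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo input: a temporary views directory holding one page.
$views = sys_get_temp_dir() . '/views_' . bin2hex(random_bytes(4));
mkdir($views);
file_put_contents("$views/settings.php", "<?php // view\n");

var_dump(resolve_page([], ['action' => 'settings'], $views));                      // consistent and allowed
var_dump(resolve_page(['action' => '../../x'], ['action' => 'settings'], $views)); // GET/POST mismatch
var_dump(resolve_page(['action' => '../../x'], [], $views));                       // not on the allowlist

unlink("$views/settings.php");
rmdir($views);
```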

CVE
#csrf #web #wordpress #php

Create simple contact forms or complex applications with this FREE and intuitive WordPress plugin. No coding knowledge is required.

Very easy to set up and use!

Awesome features, high functionality.

I have had this problem more than once with this plugin. When they update the plugin, they change the short code without letting anyone know. The previous short code on the contact page of my website is then useless and I lose business because I never get the email. Next, I have had complaints from potential customers (between web-d updates) that they have to submit the captcha three or four times.

This plug-in gives you a great opportunity to get in contact with the visitors on your site. Easy to configure, and set up the fields like you want them.

I like this plugin, because it really helps make usable contact forms. The service is fast and competent.


“Contact Form by WD – responsive drag & drop contact form builder tool” is open source software. The following people have contributed to this plugin.
