The ultimate-form-builder-lite plugin prior to 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
accesspressthemes ultimate-form-builder-lite |