Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 29/04/2019 Updated: 27/02/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The WebDorado Contact Form plugin prior to 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.

Vulnerable Product	Search on Vulmon	Subscribe to Product
web-dorado contact form

CWE-352 CWE-22 CWE-829 https://wordpress.org/plugins/contact-form-maker/#developers https://lists.openwall.net/full-disclosure/2019/04/05/12 http://seclists.org/fulldisclosure/2019/Apr/37 https://wpvulndb.com/vulnerabilities/9252 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-11591

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect