Published: 04/03/2019 Updated: 07/03/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

The "Forminator Contact Form, Poll & Quiz Builder" plugin prior to 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wpmudev forminator contact form\\, poll \\& quiz builder

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, Feb 05, 2019 at 04:19:16PM +0100, Tim Coen wrote: Please use CVE-2019-9567 for XSS vulnerability and CVE-2019-9568 for SQL-injection vulnerability - -- Henri Salo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE/aVSDznAZReWTkxKJ633pE6qdXQFAlx9zwAACgkQJ633pE6q dXScdQ/+NVNYUW7vnrffGyXzEN1sL ...