Approved changes feed: RSS · Atom

cpe:2.3:a:10web:form_maker:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor10Web (a48aaa7e-f686-5cd9-9b59-60b5c3bf60d0)
ProductForm Maker (a03db78f-bb71-5168-9182-28644ee01cb7)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2018-25346 vulnerable 2026-06-08 05:11:29.823274 WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php
HIGH (7.1)
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with malicious SQL payloads in the name and search_labels parameters to extract, modify, or escalate privileges within the WordPress database.
Published: 2026-05-23T18:30:48.238Z
Updated: 2026-05-26T14:11:11.123Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.