WordPress Plugin Vulnerabilities

FormBuilder <= 1.0.7 - Multiple Authenticated SQL Injection

Description

The FormBuilder WordPress plugin was affected by a Multiple Authenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
formbuilder
Fixed in 1.0.8

References

URL
https://sumofpwn.nl/advisory/2016/multiple_blind_sql_injection_vulnerabilities_in_formbuilder_wordpress_plugin.html
URL
https://seclists.org/fulldisclosure/2017/Jan/77

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
1482c290-9c73-4846-829c-8b4d6c17c393

Timeline

Publicly Published
2017-01-28 (about 9 years ago)
Added
2017-01-30 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-09-26
Title
WPExperts Square For GiveWP < 1.3.2 - Subscriber+ SQL Injection
Published
2025-02-18
Title
LTL Freight Quotes – SAIA Edition < 2.2.11 - Unauthenticated SQL Injection
Published
2024-05-23
Title
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
Published
2024-04-07
Title
User Activity Log < 2.0 - Admin+ SQL Injection
Published
2025-02-08
Title
Super Store Finder < 7.1 - Unauthenticated SQL Injection to Stored Cross-Site Scripting