WordPress Plugin Vulnerabilities

Form Maker by 10Web < 1.13.5 - Cross-Site Request Forgery (CSRF) to LFI

Description

Form Maker by WD plugin suffers from a CSRF issue that could lead to an LFI attack.

Affects Plugins

Plugin icon
form-maker
Fixed in 1.13.5

References

CVE
CVE-2019-11590
URL
https://packetstormsecurity.com/files/#152408/
URL
https://pvagenas.com/vulnerabilities/form-maker-by-wd-csrf/
URL
https://plugins.trac.wordpress.org/changeset/2062947/form-maker
URL
https://seclists.org/bugtraq/2019/Apr/9

Miscellaneous

Original Researcher
p4n
Submitter website
https://pvagenas.com
Submitter twitter
panVagenas
Verified
No
WPVDB ID
1d0da0f4-c827-4f56-8fc5-1110e4ea9670

Timeline

Publicly Published
2019-04-05 (about 6 years ago)
Added
2019-04-10 (about 6 years ago)
Last Updated
2020-07-12 (about 5 years ago)

Other

Published
Title
Published
2020-01-09
Title
CityBook < 2.3.4 - Multiple Vulnerabilities
Published
2019-07-08
Title
Rencontre – Dating Site <= 3.1.2 - SQLi & XSS
Published
2015-01-02
Title
WP Limit Posts Automatically <= 0.7 - CSRF & XSS
Published
2014-09-29
Title
Category Page Icons <= 0.9.1 - Arbitrary File Upload/Deletion via Path Traversal
Published
2014-11-10
Title
Another WordPress Classifieds Plugin < 3.0 - SQLi & XSS