WordPress Plugin Vulnerabilities

Contact Form Builder <= 1.0.24 - Authenticated Blind SQL Injection

Description

The WDContactFormBuilder WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
contact-form-builder
Fixed in 1.0.25

References

URL
http://cinu.pl/research/wp-plugins/mail_ad1cf9ff7c1cbcdff7c46ddb6ee359e9.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
48947e3a-7c64-4187-bd03-be642cee2c74

Timeline

Publicly Published
2015-07-07 (about 10 years ago)
Added
2015-11-22 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2021-08-22
Title
WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection
Published
2025-12-10
Title
List Category Posts < 0.92.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode
Published
2026-02-18
Title
Shield Security < 21.0.10 - Cross-Site Request Forgery to SQL Injection
Published
2024-12-20
Title
Frontend Admin by DynamiApps < 3.25.2 - Unauthenticated SQL Injection
Published
2024-10-31
Title
WP EIS <= 1.3.3 - Authenticated (Contributor+) SQL Injection