Form Manager <= 1.7.2 – Authenticated Remote Command Execution (RCE) | CVE 2015-7806

Affects Plugins

wordpress-form-manager

Fixed in 1.7.3

References

CVE

CVE-2015-7806

URL

https://appcheck-ng.com/critical-remote-command-execution-in-wordpress-form-manager-plugin-cve-2015-7806/

Classification

Type

RCE

OWASP top 10

A1: Injection

CWE

CWE-94

CVSS

9.8 (critical)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

e8d959f1-c72b-4bb6-a670-7d3a1390170e

Timeline

Publicly Published

2015-10-23 (about 10 years ago)

Added

2015-10-27 (about 10 years ago)

Last Updated

2021-06-08 (about 4 years ago)

Other

Published

Title

Published

2025-02-21

Title

Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution

Published

2025-10-01

Title

s2Member < 251005 - Unauthenticated Remote Code Execution

Published

2025-09-26

Title

Norebro Extra <= 1.6.8 - Unauthenticated Arbitrary Shortcode Execution

Published

2024-09-23

Title

MDTF – Meta Data and Taxonomies Filter < 1.3.3.4 - Unauthenticated Arbitrary Shortcode Execution

Published

2025-02-07

Title

WP All Export Pro < 1.9.2 - Authenticated (ShopManager+) Arbtirary Options Update