Vulnerabilities > WEB Dorado

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-26	CVE-2019-11557	Path Traversal vulnerability in Web-Dorado WP Form Builder The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. network low complexity web-dorado CWE-22	8.8
2019-01-09	CVE-2018-16164	Cross-site Scripting vulnerability in Web-Dorado Event Calendar WD Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity web-dorado CWE-79	5.4
2018-04-27	CVE-2018-10504	Improper Neutralization of Formula Elements in a CSV File vulnerability in Web-Dorado Form Maker The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. local low complexity web-dorado CWE-1236	7.8
2018-04-23	CVE-2018-10301	Cross-site Scripting vulnerability in Web-Dorado WD Instagram Feed Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post. network low complexity web-dorado CWE-79	6.1
2018-04-23	CVE-2018-10300	Cross-site Scripting vulnerability in Web-Dorado WD Instagram Feed Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio. network low complexity web-dorado CWE-79	6.1
2018-02-17	CVE-2018-5991	SQL Injection vulnerability in Web-Dorado Form Maker 3.6.12 SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. network low complexity web-dorado CWE-89 critical	9.8
2018-02-17	CVE-2018-5981	SQL Injection vulnerability in Web-Dorado Gallery WD 1.3.6 SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. network low complexity web-dorado CWE-89 critical	9.8
2017-07-25	CVE-2015-2798	SQL Injection vulnerability in Web-Dorado Contact Form Maker 1.0.1 SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. network low complexity web-dorado CWE-89 critical	9.8
2017-07-07	CVE-2017-2224	Cross-site Scripting vulnerability in Web-Dorado Event Calendar WD Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity web-dorado CWE-79	6.1
2017-04-12	CVE-2017-7719	SQL Injection vulnerability in Web-Dorado Spider Event Calendar SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php. network low complexity web-dorado CWE-89 critical	9.8

Vulnerabilities > WEB Dorado {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"WEB Dorado"}]}

Vulnerabilities > WEB Dorado