Vulnerabilities > WEB Dorado > High

DATE | CVE | VULNERABILITY TITLE | RISK

2024-01-16 | CVE-2023-2655 | SQL Injection vulnerability in Web-Dorado Contact Form Maker | network, low complexity, web-dorado CWE-89, 7.2
The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

2023-11-13 | CVE-2023-46619 | Cross-Site Request Forgery (CSRF) vulnerability in Web-Dorado Wdsocialwidgets | network, low complexity, web-dorado CWE-352, 8.8
Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.

2019-04-29 | CVE-2019-11591 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Web-Dorado Contact Form | network, low complexity, web-dorado CWE-829, 8.8
The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.

2019-04-26 | CVE-2019-11557 | Path Traversal vulnerability in Web-Dorado WP Form Builder | network, low complexity, web-dorado CWE-22, 8.8
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.

2018-02-17 | CVE-2018-5991 | SQL Injection vulnerability in Web-Dorado Form Maker 3.6.12 | network, low complexity, web-dorado CWE-89, 7.5
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.

2018-02-17 | CVE-2018-5981 | SQL Injection vulnerability in Web-Dorado Gallery WD 1.3.6 | network, low complexity, web-dorado CWE-89, 7.5
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.

2017-07-25 | CVE-2015-2798 | SQL Injection vulnerability in Web-Dorado Contact Form Maker 1.0.1 | network, low complexity, web-dorado CWE-89, 7.5
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

2017-04-12 | CVE-2017-7719 | SQL Injection vulnerability in Web-Dorado Spider Event Calendar | network, low complexity, web-dorado CWE-89, 7.5
SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.

2015-03-20 | CVE-2015-2562 | SQL Injection vulnerability in Web-Dorado Ecommerce WD 1.2.5 | network, low complexity, web-dorado CWE-89, 7.5
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.

2015-03-03 | CVE-2015-2196 | SQL Injection vulnerability in Web-Dorado Spider Calendar 1.4.9 | network, low complexity, web-dorado CWE-89, 7.5
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.