Vulnerabilities > WEB Dorado > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-2655 | SQL Injection vulnerability in Web-Dorado Contact Form Maker The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
| 2023-11-13 | CVE-2023-46619 | Unspecified vulnerability in Web-Dorado Wdsocialwidgets Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions. | 8.8 |
| 2021-11-08 | CVE-2021-24625 | Unspecified vulnerability in Web-Dorado Spidercatalog The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category | 7.2 |
| 2019-04-29 | CVE-2019-11591 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Web-Dorado Contact Form The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |
| 2019-04-26 | CVE-2019-11557 | Path Traversal vulnerability in Web-Dorado WP Form Builder The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |
| 2018-04-27 | CVE-2018-10504 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Web-Dorado Form Maker The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | 7.8 |