Vulnerability Description
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 10Web | Form Maker | < 1.13.3 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2019/May/8 (Exploit, Mailing List, Third Party Advisory)
- https://wordpress.org/plugins/form-maker/#developers (Release Notes, Third Party Advisory)
- https://wpvulndb.com/vulnerabilities/9286
FAQ
What is CVE-2019-10866?
CVE-2019-10866 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted...
How severe is CVE-2019-10866?
CVE-2019-10866 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10866?
Check the references section above for vendor advisories and patch information. Affected products include: 10Web Form Maker.