HIGH Vulnerability
Verified
Global
NVD HIGH: CVE-2018-25347 — WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabiliti...
·Source: NIST NVD
Executive Summary
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges.
Analysis
CVSS Score: 7.1. Published: 2026-05-23T19:16:54.723.