HIGH
10Web
CVE published 2026-05-23
CVE-2018-25346
CVE-2018-25346 documents SQL injection vulnerabilities in WordPress Form Maker Plugin versions 1.12.24 and below. The vulnerability allows authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions via POST requests containing malicious payloads in the name and search_labels parameters. This enables database extraction, modificatio [truncated]