PatchSiren

web-dorado CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH web-dorado CVE published 2026-05-23

CVE-2018-25347

CVE-2018-25347 documents SQL injection vulnerabilities in WordPress Contact Form Maker Plugin version 1.12.20. The vulnerability allows authenticated attackers to manipulate database queries through two specific AJAX actions: FormMakerSQLMapping and generete_csv_fmc. Attack vectors include the 'name' and 'search_labels' parameters, which lack proper sanitization before being incorporated into SQL statemen [truncated]