WordPress Ultimate Form Builder Lite Plugin 'wp-admin/admin-ajax.php' SQL Injection Vulnerability



The Ultimate Form Builder Lite plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Ultimate Form Builder Lite 1.3.7 are vulnerable.

Information

Bugtraq ID: 101604
Class: Input Validation Error
CVE: CVE-2017-15919

Remote: Yes
Local: No
Published: Oct 26 2017 12:00AM
Updated: Oct 26 2017 12:00AM
Credit: WordFence Security Team.
Vulnerable: WordPress ultimate-form-builder-lite 1.3.6
WordPress ultimate-form-builder-lite 1.3.5
WordPress ultimate-form-builder-lite 1.3.4
WordPress ultimate-form-builder-lite 1.3.3
WordPress ultimate-form-builder-lite 1.3.2
WordPress ultimate-form-builder-lite 1.3.1
WordPress ultimate-form-builder-lite 1.3


Not Vulnerable: WordPress ultimate-form-builder-lite 1.3.7
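
To check an installation against the version boundary listed above, the following added example (not part of the original advisory or the plugin's own code) reads the plugin's `Version:` header and compares it with 1.3.7. It assumes the standard `wp-content/plugins/<slug>/` layout; the file name `plugin-main.php` and the sample trees are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

SLUG = "ultimate-form-builder-lite"  # plugin slug as listed in the advisory
FIXED = (1, 3, 7)                     # first non-vulnerable version per the advisory

def parse_version(text):
    """Turn '1.3' or '1.3.6' into a tuple padded to three parts, e.g. (1, 3, 0)."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def installed_version(plugin_dir):
    """Read 'Version:' from the first 8 KiB of each top-level PHP file (WordPress header convention)."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]
        m = re.search(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", head, re.M | re.I)
        if m:
            return m.group(1)
    return None

def audit(wp_root):
    """Return (version_string, status) for the plugin under wp_root."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return None, "not installed"
    ver = installed_version(plugin_dir)
    if ver is None:
        return None, "unknown version"
    return ver, "vulnerable" if parse_version(ver) < FIXED else "not vulnerable"

def demo():
    """Build constructed WordPress trees in a temp dir and audit each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for ver in ("1.3", "1.3.6", "1.3.7"):
            d = Path(tmp) / ver / "wp-content" / "plugins" / SLUG
            d.mkdir(parents=True)
            # Constructed header; the main file name is an assumption.
            (d / "plugin-main.php").write_text(
                f"<?php\n/*\n * Plugin Name: Ultimate Form Builder Lite\n * Version: {ver}\n */\n")
            results[ver] = audit(Path(tmp) / ver)[1]
        results["absent"] = audit(tmp)[1]
    return results

if __name__ == "__main__":
    print(demo())
```

Call `audit("/path/to/wordpress")` with the real document root of each site to be checked.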


Exploit


Attackers can exploit this issue through a browser.

