SQL Injection Vulnerability in Forminator Plugin for WordPress
CVE-2019-9568

6.5MEDIUM

Key Information:

Vendor
Wordpress
Status
Forminator
Vendor
CVE Published:
4 March 2019

Summary

The Forminator Contact Form, Poll & Quiz Builder plugin for WordPress had a vulnerability prior to version 1.6 that allowed for SQL injection through the wp-admin/admin.php?page=forminator-entries entry[] parameter. This vulnerability could be exploited by an attacker possessing delete permissions, enabling unauthorized database manipulation that could lead to data compromise.

References

https://lists.openwall.net/full-disclosure/2019/02/05/4
x_refsource_MISC
https://security-consulting.icu/blog/2019/02/wordpress-fo...
x_refsource_MISC
https://wordpress.org/plugins/forminator/#developers
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.