web-dorado

Top products

The 15 most recently published vulnerabilities affecting web-dorado.

• CVE-2019-25734Contact Form by WD 1.13.1 CSRF to Local File Inclusion4.0Jun 4, 2026
• CVE-2018-25347WordPress Contact Form Maker Plugin 1.12.20 SQL Injection7.1May 23, 2026
• CVE-2023-2655Contact Form by WD <= 1.13.23 - Admin+ SQLi7.2Jan 16, 2024
• CVE-2023-48320WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)5.9Nov 30, 2023
• CVE-2023-5048WDContactFormBuilder <= 1.0.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode6.4Nov 22, 2023
• CVE-2023-46619WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)5.4Nov 13, 2023
• CVE-2023-5709WD WidgetTwitter <= 1.0.9 - Authenticated (Contributor+) SQL Injection via Shortcode8.8Nov 7, 2023
• CVE-2023-46090WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)7.1Oct 26, 2023
• CVE-2023-45632WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)7.1Oct 18, 2023
• CVE-2021-24625SpiderCatalog <= 1.7.3 - Admin+ SQL Injection7.2Nov 8, 2021
• CVE-2021-24426Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS)4.8Jul 12, 2021
• CVE-2019-11591The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because ther...8.8Apr 29, 2019
• CVE-2019-11557The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, beca...8.8Apr 26, 2019
• CVE-2018-16164Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.5.4Jan 9, 2019
• CVE-2018-10504The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.7.8Apr 27, 2018