CyberSec.Space Logo
Back to CVE Browser

CVE-2017-15919

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile31.71th
PublishedOct 26, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.

Affected Platforms (CPE)

πŸ“¦
Accesspressthemes

Ultimate Form Builder Lite

<= 1.3.6

References & Advisories

πŸ”— http://www.securityfocus.com/bid/101604
πŸ”— https://wordpress.org/plugins/ultimate-form-builder-lite/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/8935
πŸ”— https://www.wordfence.com/blog/2017/10/zero-day-vulnerability-ultimate-form-builder-lite/
πŸ”— http://www.securityfocus.com/bid/101604
πŸ”— https://wordpress.org/plugins/ultimate-form-builder-lite/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/8935
πŸ”— https://www.wordfence.com/blog/2017/10/zero-day-vulnerability-ultimate-form-builder-lite/

Related Vulnerabilities

CVE-2018-253527.1

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authentica...

CVE-2017-522610.0

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioc...

CVE-2017-796410.0

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote att...

CVE-2017-232010.0

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenti...