CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-25352

HIGH
7.1
CVSS Severity Score
EPSS Score0.1250%
EPSS Percentile13.38th
Published2026年5月23日
Last Modified2026年5月26日

Vulnerability Description

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint with the ufbl_get_entry_detail_action action to extract, modify, or escalate privileges within the WordPress database.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 http://vulnerablesite.com/wp-admin/admin-ajax.php
🔗 https://www.exploit-db.com/exploits/44884
🔗 https://www.vulncheck.com/advisories/wordpress-ultimate-form-builder-lite-sql-injection-via-entry-id

相关漏洞威胁

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-1071810.0

Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...