CVE-2018-10504

CVE

HighConfirmedExploit available

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.

CVSS

7.8

High

EPSS

0.03

p86

Published

2018-01-01

Updated

2018-01-01

Description

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.

Tags · CWE

CWE-1236

Affected products

Form_maker < 1.12.24

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

2018-01-01

Published

2018-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.030 · p86

Known exploited (KEV)

Known exploits — Сканер-ВС

44559

exploitdb · https://www.exploit-db.com/exploits/44559

Enterprise

Affected software

Product	Vendor	Status
form_maker	*	Tracked

Source databases

CVE