CVE-2017-15919

Name of the Vulnerable Software and Affected Versions ultimate-form-builder-lite plugin versions prior to 1.3.7

Description The issue concerns SQL Injection, which can lead to PHP Object Injection. This occurs via the API endpoint "/wp-admin/admin-ajax.php".

Recommendations For versions prior to 1.3.7, update to version 1.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin-ajax.php" endpoint until the update is applied.