CVE-2015-7806

Name of the Vulnerable Software and Affected Versions Form Manager plugin versions prior to 1.7.3

Description The issue concerns an eval injection vulnerability in the fm saveHelperGatherItems function within the ajax.php file of the Form Manager plugin for WordPress. This allows remote attackers to execute arbitrary code via unspecified vectors.

Recommendations For versions prior to 1.7.3, update to version 1.7.3 or later to resolve the issue. As a temporary workaround, consider disabling the fm saveHelperGatherItems function in ajax.php until a patch is applied. Restrict access to the ajax.php file to minimize the risk of exploitation.