CVE-2018-25347

Name of the Vulnerable Software and Affected Versions WordPress Contact Form Maker Plugin version 1.12.20

Description Authenticated attackers can manipulate database queries through the 'FormMakerSQLMapping' and 'generete csv fmc' AJAX actions. By injecting malicious SQL code via the name and search labels parameters, attackers may extract sensitive database information or escalate privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.