Web Dorado Contact Form Maker
By the Year
In 2026 there have been 2 vulnerabilities in Web Dorado Contact Form Maker with an average score of 5.6 out of ten. Contact Form Maker did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 5.55 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 7.20 |
It may take a day or so for new Contact Form Maker vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Web Dorado Contact Form Maker Security Vulnerabilities
WordPress Contact Form by WD 1.13.1 CSRF+LFI via unsanitized action parameter
CVE-2019-25734
4 - Medium - June 04, 2026
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint with directory traversal sequences in the GET action parameter to load files via CSRF, bypassing authentication on vulnerable AJAX actions.
Directory traversal
WordPress Contact Form Maker 1.12.20 SQLi via FMSQLMap & generete_csv_fmc
CVE-2018-25347
7.1 - High - May 23, 2026
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges.
SQL Injection
SQLi via Unsanitized Param in wd CF 1.13.23 WordPress Plugin
CVE-2023-2655
7.2 - High - January 16, 2024
The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
SQL Injection