Web Dorado Wp Form Builder
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Web Dorado Wp Form Builder.
By the Year
In 2026 there have been 0 vulnerabilities in Web Dorado Wp Form Builder. Wp Form Builder did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 4.40 |
| 2023 | 1 | 6.40 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 8.80 |
It may take a day or so for new Wp Form Builder vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Web Dorado Wp Form Builder Security Vulnerabilities
WP Fluent Forms Stored XSS 5.1.19 for Admins
CVE-2024-6520
4.4 - Medium
- July 27, 2024
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
XSS
WDContactFormBuilder 1.0.72 Stored XSS via Contact_Form_Builder shortcode
CVE-2023-5048
6.4 - Medium
- November 22, 2023
The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Contact_Form_Builder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress
CVE-2019-11557
8.8 - High
- April 26, 2019
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Web Dorado Wp Form Builder or by Web Dorado? Click the Watch button to subscribe.
