14 May 2019

Vulnerability Details: Cross-Site Request Forgery (CSRF)/SQL Injection in Contact Form Maker (Contact Form by WD)

Recently, Daniele Scanu disclosed the details of a cross-site request forgery (CSRF)/SQL injection vulnerability they had found in the plugin Form Maker. The developer of that plugin is also the developer of the plugin Contact Form Maker (Contact Form by WD), and they fixed the same vulnerability in Contact Form Maker as well.

