{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/contact-form-maker-plugin-1.12.20/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2018-25347"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Contact Form Maker Plugin 1.12.20"],"_cs_severities":["high"],"_cs_tags":["sqli","wordpress","plugin"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe WordPress Contact Form Maker Plugin version 1.12.20 is susceptible to SQL injection vulnerabilities. Authenticated attackers can exploit these vulnerabilities to manipulate database queries through specific AJAX actions, namely \u0026lsquo;FormMakerSQLMapping\u0026rsquo; and \u0026lsquo;generete_csv_fmc\u0026rsquo;. By injecting malicious SQL code via the \u0026lsquo;name\u0026rsquo; and \u0026lsquo;search_labels\u0026rsquo; parameters, attackers can potentially extract sensitive information stored in the database or elevate their privileges within the WordPress application. This vulnerability allows malicious actors to compromise the integrity and confidentiality of data managed by the Contact Form Maker plugin. Defenders should prioritize patching and detection efforts to mitigate potential exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the WordPress application.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request targeting the \u0026lsquo;FormMakerSQLMapping\u0026rsquo; or \u0026lsquo;generete_csv_fmc\u0026rsquo; AJAX action.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes SQL injection payloads within the \u0026lsquo;name\u0026rsquo; or \u0026lsquo;search_labels\u0026rsquo; parameters.\u003c/li\u003e\n\u003cli\u003eThe WordPress server processes the request, passing the malicious SQL code to the database query.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code modifies the intended database query, allowing the attacker to extract sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the extracted data from the server response.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted data to escalate privileges or gain further access to the WordPress application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to the compromise of sensitive data stored within the WordPress database. This may include user credentials, customer data, or other confidential information managed by the Contact Form Maker plugin. Attackers can potentially use this access to escalate privileges, gain control of the WordPress site, and potentially use it as a beachhead for further attacks. The affected plugin version is 1.12.20, indicating that sites which have not applied updates are vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the WordPress Contact Form Maker Plugin to a version later than 1.12.20 to remediate the vulnerability (CVE-2018-25347).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect potential SQL injection attempts targeting the vulnerable AJAX actions.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u0026lsquo;FormMakerSQLMapping\u0026rsquo; or \u0026lsquo;generete_csv_fmc\u0026rsquo; containing SQL syntax in the \u0026lsquo;name\u0026rsquo; or \u0026lsquo;search_labels\u0026rsquo; parameters.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:39:34Z","date_published":"2026-05-26T13:39:34Z","id":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-contact-form-sqli/","summary":"WordPress Contact Form Maker Plugin version 1.12.20 is vulnerable to SQL injection, enabling authenticated attackers to manipulate database queries via AJAX actions (FormMakerSQLMapping and generete_csv_fmc) by injecting malicious SQL code through the 'name' and 'search_labels' parameters, potentially extracting sensitive database information or escalating privileges.","title":"WordPress Contact Form Maker Plugin SQL Injection Vulnerability (CVE-2018-25347)","url":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-contact-form-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Contact Form Maker Plugin 1.12.20","version":"https://jsonfeed.org/version/1.1"}