{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/form-maker-plugin--1.12.24/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2018-25346"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Form Maker Plugin \u003c= 1.12.24"],"_cs_severities":["high"],"_cs_tags":["sqli","wordpress","plugin"],"_cs_type":"threat","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe WordPress Form Maker Plugin, specifically versions 1.12.24 and below, is susceptible to SQL injection vulnerabilities. This flaw allows authenticated attackers to inject malicious SQL code into database queries through specific actions within the plugin. The vulnerability exists within the FormMakerSQLMapping and generete_csv functionalities. By crafting malicious POST requests and injecting SQL payloads into the \u0026lsquo;name\u0026rsquo; and \u0026lsquo;search_labels\u0026rsquo; parameters, attackers can manipulate database queries to extract sensitive data, modify existing records, or potentially escalate their privileges within the WordPress database. This vulnerability presents a significant risk to websites using the vulnerable plugin, potentially leading to complete compromise of the affected WordPress instance.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the WordPress instance with valid user credentials.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a POST request targeting the FormMakerSQLMapping action.\u003c/li\u003e\n\u003cli\u003eThe POST request includes a malicious SQL payload within the \u0026lsquo;name\u0026rsquo; parameter.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize the \u0026lsquo;name\u0026rsquo; parameter, allowing the SQL code to be injected into a database query.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the WordPress database.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a POST request targeting the generete_csv action.\u003c/li\u003e\n\u003cli\u003eThe POST request includes a malicious SQL payload within the \u0026lsquo;search_labels\u0026rsquo; parameter.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the WordPress database, potentially allowing the attacker to extract sensitive information or modify data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to several critical impacts. Attackers could extract sensitive data such as user credentials, customer information, or other confidential data stored in the WordPress database. They could also modify existing data, potentially defacing the website or corrupting critical information. In a worst-case scenario, attackers could escalate their privileges to administrator level, granting them full control over the WordPress instance. This could lead to complete compromise of the website and its associated data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the WordPress Form Maker Plugin to a version greater than 1.12.24 to patch CVE-2018-25346.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect WordPress Form Maker SQL Injection via FormMakerSQLMapping\u0026rdquo; to your SIEM to detect exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect WordPress Form Maker SQL Injection via generete_csv\u0026rdquo; to detect exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests targeting the FormMakerSQLMapping and generete_csv actions in the WordPress Form Maker Plugin.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:38:59Z","date_published":"2026-05-26T13:38:59Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25346-sqli/","summary":"WordPress Form Maker Plugin version 1.12.24 and below is vulnerable to SQL injection, allowing authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv actions via crafted POST requests, potentially leading to data extraction, modification, or privilege escalation.","title":"WordPress Form Maker Plugin SQL Injection Vulnerability (CVE-2018-25346)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2018-25346-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Form Maker Plugin \u003c= 1.12.24","version":"https://jsonfeed.org/version/1.1"}