{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2018-25352/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2018-25352"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Ultimate Form Builder Lite plugin \u003c= 1.3.7"],"_cs_severities":["high"],"_cs_tags":["sqli","wordpress","plugin","CVE-2018-25352"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe WordPress Ultimate Form Builder Lite plugin, specifically versions 1.3.7 and below, is vulnerable to SQL injection. This vulnerability (CVE-2018-25352) allows authenticated attackers to inject malicious SQL code via the \u003ccode\u003eentry_id\u003c/code\u003e POST parameter. By crafting specific POST requests to the \u003ccode\u003eadmin-ajax.php\u003c/code\u003e endpoint with the action \u003ccode\u003eufbl_get_entry_detail_action\u003c/code\u003e, attackers can manipulate database queries to extract sensitive information, modify existing data, or potentially escalate their privileges within the WordPress database. 
Successful exploitation could lead to complete compromise of the WordPress installation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the WordPress application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u003ccode\u003eadmin-ajax.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes the \u003ccode\u003eaction\u003c/code\u003e parameter set to \u003ccode\u003eufbl_get_entry_detail_action\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the \u003ccode\u003eentry_id\u003c/code\u003e POST parameter.\u003c/li\u003e\n\u003cli\u003eThe vulnerable plugin processes the \u003ccode\u003eentry_id\u003c/code\u003e parameter without proper sanitization, incorporating the injected SQL code into a database query.\u003c/li\u003e\n\u003cli\u003eThe crafted SQL query is executed against the WordPress database.\u003c/li\u003e\n\u003cli\u003eDepending on the injected SQL code, the attacker can extract sensitive data, modify database entries, or create new administrative accounts.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the gained access to compromise the entire WordPress installation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability allows attackers to read, modify, or delete arbitrary data within the WordPress database. This can lead to sensitive data leakage, defacement of the website, or complete takeover of the WordPress installation. 
Depending on their goals, attackers may escalate privileges to create new administrative accounts, inject malicious code into the website, or use the compromised server as a staging point for further attacks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2018-25352 Exploitation Attempt — WordPress Ultimate Form Builder SQLi\u003c/code\u003e to identify potentially malicious requests targeting the vulnerable endpoint and parameter.\u003c/li\u003e\n\u003cli\u003eUpgrade the Ultimate Form Builder Lite plugin to a version later than 1.3.7, which fixes CVE-2018-25352.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003eadmin-ajax.php\u003c/code\u003e whose \u003ccode\u003eaction\u003c/code\u003e is \u003ccode\u003eufbl_get_entry_detail_action\u003c/code\u003e and whose \u003ccode\u003eentry_id\u003c/code\u003e is anything other than a plain integer (quotes, comment markers, or SQL keywords in that value are a strong indicator). Note that a standard access log records only the request line, not the POST body, so this check needs request-body logging, for example a WAF or ModSecurity audit log, or inspection at the reverse proxy.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:41:55Z","date_published":"2026-05-26T13:41:55Z","id":"https://feed.craftedsignal.io/briefs/2026-05-ultimate-form-builder-sqli/","summary":"WordPress Ultimate Form Builder Lite plugin versions 1.3.7 and earlier contain an SQL injection vulnerability (CVE-2018-25352) that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter, potentially leading to privilege escalation.","title":"WordPress Ultimate Form Builder Lite Plugin SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-ultimate-form-builder-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2018-25352","version":"https://jsonfeed.org/version/1.1"}
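The log-monitoring recommendation in the brief above, worked through as an added example. This is editor-written code, not CraftedSignal's Sigma rule and not the plugin's own code. It assumes a request-log format of one JSON object per line with `client`, `method`, `uri` and `body` fields (the kind of record a reverse proxy or WAF with request-body logging produces; a plain combined-format access log has no body and cannot feed this). It goes slightly beyond the brief in two ways: it merges query-string and body parameters, because `admin-ajax.php` reads `action` from `$_REQUEST`, and it decodes `entry_id` a second time to catch double-percent-encoded payloads. The sample log lines are constructed, not captured traffic.

```python
"""Flag requests matching the CVE-2018-25352 pattern in a JSON request log.

Added example (not CraftedSignal's Sigma rule nor the plugin's code).
Assumed log format: one JSON object per line with "client", "method",
"uri" and "body" fields, as a reverse proxy or WAF with request-body
logging might emit. Ordinary access logs carry no POST body.
"""
import json
import re
from typing import Optional
from urllib.parse import parse_qs, unquote_plus, urlsplit

TARGET_ACTION = "ufbl_get_entry_detail_action"
TARGET_SCRIPT = "admin-ajax.php"
# Loose indicators of SQL syntax in a value that should only ever be an integer.
SQL_HINTS = re.compile(
    r"'|\"|--|#|/\*|\b(?:or|and|union|select|sleep|benchmark|extractvalue|updatexml)\b",
    re.IGNORECASE,
)


def form_params(encoded: str) -> dict:
    """Decode x-www-form-urlencoded data into {name: first value}."""
    return {k: v[0] for k, v in parse_qs(encoded, keep_blank_values=True).items()}


def classify(line: str) -> Optional[dict]:
    """Return a finding for a suspicious request, or None for benign or irrelevant lines."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if rec.get("method", "").upper() != "POST":
        return None  # the brief describes the POST parameter only
    parts = urlsplit(rec.get("uri", ""))
    if not parts.path.endswith("/" + TARGET_SCRIPT):
        return None
    # admin-ajax.php takes "action" from $_REQUEST, so merge query string and
    # body; the body wins, as it does in PHP's default request ordering.
    params = form_params(parts.query)
    params.update(form_params(rec.get("body", "")))
    if params.get("action") != TARGET_ACTION:
        return None
    entry_id = params.get("entry_id")
    if entry_id is None:
        return None
    # A second decode exposes payloads that were percent-encoded twice.
    decoded = unquote_plus(entry_id)
    double_encoded = decoded != entry_id
    if re.fullmatch(r"\d+", decoded):
        return None  # a legitimate entry_id is a plain integer
    return {
        "client": rec.get("client", "?"),
        "uri": parts.path,
        "entry_id": decoded,
        "sql_hint": bool(SQL_HINTS.search(decoded)),
        "double_encoded": double_encoded,
    }


def scan(lines) -> list:
    """Run classify() over an iterable of log lines and keep the findings."""
    return [f for f in (classify(ln) for ln in lines) if f]


# Constructed sample records (not real traffic); RFC 5737 addresses.
SAMPLE_LOG = [
    '{"client":"203.0.113.5","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=ufbl_get_entry_detail_action&entry_id=42"}',
    '{"client":"203.0.113.9","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=ufbl_get_entry_detail_action&entry_id=1%27+OR+1%3D1+--+"}',
    '{"client":"203.0.113.9","method":"POST","uri":"/wp-admin/admin-ajax.php?action=ufbl_get_entry_detail_action","body":"entry_id=1+AND+SLEEP(5)"}',
    '{"client":"203.0.113.9","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=ufbl_get_entry_detail_action&entry_id=1%2527%2520OR%25201%253D1"}',
    '{"client":"198.51.100.7","method":"POST","uri":"/wp-admin/admin-ajax.php","body":"action=heartbeat&entry_id=1%27"}',
    '{"client":"198.51.100.7","method":"GET","uri":"/wp-admin/admin-ajax.php?action=ufbl_get_entry_detail_action&entry_id=1%27","body":""}',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Of the six constructed lines, only the three with a non-integer `entry_id` under the target action are reported; the benign integer lookup, the unrelated `heartbeat` action and the GET request are ignored. The integer test is the primary signal: an `entry_id` that is not a number is anomalous regardless of whether the keyword list recognises the payload, so `sql_hint` is reported as supporting context rather than used as the gate.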