CVE-2019-25734

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.0 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N                                    

Vulnerability Description

Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint with directory traversal sequences in the GET action parameter to load files via CSRF, bypassing authentication on vulnerable AJAX actions.

Vulnerability Details

Published Date

June 04, 2026

Last Modified

June 04, 2026

CWE ID

CWE-22

Source

NVD

Vendor

Web-Dorado

Product

Contact Form Maker

External References

http://web-dorado.com/
https://wordpress.org/plugins/contact-form-maker
https://www.exploit-db.com/exploits/46661
https://www.vulncheck.com/advisories/contact-form-by-wd-csrf-to-local-file-inclusion

CVE-2019-25734

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment