Known Vulnerabilities for products from Web-Dorado
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Web-Dorado".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-48320 json | 4.8 - MEDIUM | 2023-11-30 | 2023-12-06 | |
| CVE-2023-46619 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-13 | 2023-11-17 |
| CVE-2023-46090 json | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions. | 6.1 - MEDIUM | 2023-10-26 | 2023-11-03 |
| CVE-2023-45632 json | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions. | 6.1 - MEDIUM | 2023-10-18 | 2023-10-25 |
| CVE-2023-5709 json | The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and in... | Not Provided | 2023-11-07 | 2026-04-08 |
| CVE-2023-5048 json | The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Contact_Form_Builder' sho... | Not Provided | 2023-11-22 | 2026-04-08 |
| CVE-2023-2655 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2024-01-16 | 2024-01-23 |
| CVE-2021-24625 json | The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the ... | 7.2 - HIGH | 2021-11-08 | 2021-11-10 |
| CVE-2021-24426 json | The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab paramet... | 4.8 - MEDIUM | 2021-07-12 | 2023-11-07 |
| CVE-2019-11591 json | The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, w... | 8.8 - HIGH | 2019-04-29 | 2023-02-27 |
| CVE-2019-11557 json | The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action para... | 8.8 - HIGH | 2019-04-26 | 2023-02-27 |
| CVE-2018-16164 json | Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to i... | 5.4 - MEDIUM | 2019-01-09 | 2019-01-16 |
| CVE-2018-10504 json | The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | 7.8 - HIGH | 2018-04-27 | 2020-08-24 |
| CVE-2018-10301 json | Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows... | 6.1 - MEDIUM | 2018-04-23 | 2023-11-07 |
| CVE-2018-10300 json | Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote ... | 6.1 - MEDIUM | 2018-04-23 | 2023-11-07 |
| CVE-2018-5991 json | SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request... | 9.8 - CRITICAL | 2018-02-17 | 2018-03-05 |
| CVE-2018-5981 json | SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. | 9.8 - CRITICAL | 2018-02-17 | 2018-03-02 |
| CVE-2017-7719 json | SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with... | Not Provided | 2017-04-12 | 2025-04-20 |
| CVE-2017-2224 json | Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary w... | Not Provided | 2017-07-07 | 2025-04-20 |
| CVE-2015-4352 json | Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijac... | Not Provided | 2015-06-15 | 2026-05-06 |
Known software with vulnerabilities from Web-Dorado
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Web-dorado | Contact Form | 1.13.5 |
| Application | Web-dorado | Contact Form Maker | 1.0.1 |
| Application | Web-dorado | Ecommerce Wd | 1.2.5 |
| Application | Web-dorado | Event Calendar Wd | 1.0.0 |
| Application | Web-dorado | Form Maker | 3.6.12 |
| Application | Web-dorado | Gallery Wd | 1.3.6 |
| Application | Web-dorado | Photo Gallery | 1.0.1 |
| Application | Web-dorado | Spider Calendar | 1.4.9 |
| Application | Web-dorado | Spider Catalog | 6.x-1.0 |
| Application | Web-dorado | Spider Event Calendar | 1.0.0 |
| Application | Web-dorado | Spider Facebook | 1.0.10 |
| Application | Web-dorado | Web-dorado Spider Video Player | 1.4.7 |
| Application | Web-dorado | Wp Form Builder | 1.0.0 |