Known Vulnerabilities for products from Web-dorado
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Web-dorado".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-24625 | The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the ... | 7.2 - HIGH | 2021-11-08 | 2021-11-10 |
| CVE-2021-24426 | The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab paramet... | 4.8 - MEDIUM | 2021-07-12 | 2023-11-07 |
| CVE-2019-11591 | The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, w... | 8.8 - HIGH | 2019-04-29 | 2023-02-27 |
| CVE-2019-11557 | The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action para... | 8.8 - HIGH | 2019-04-26 | 2023-02-27 |
| CVE-2018-16164 | Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to i... | 5.4 - MEDIUM | 2019-01-09 | 2019-01-16 |
| CVE-2018-10504 | The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | 7.8 - HIGH | 2018-04-27 | 2020-08-24 |
| CVE-2018-10301 | Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows... | 6.1 - MEDIUM | 2018-04-23 | 2023-11-07 |
| CVE-2018-10300 | Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote ... | 6.1 - MEDIUM | 2018-04-23 | 2023-11-07 |
| CVE-2018-5991 | SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request... | 9.8 - CRITICAL | 2018-02-17 | 2018-03-05 |
| CVE-2018-5981 | SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. | 9.8 - CRITICAL | 2018-02-17 | 2018-03-02 |
| CVE-2017-7719 | SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with... | 9.8 - CRITICAL | 2017-04-12 | 2017-04-20 |
| CVE-2017-2224 | Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary w... | 6.1 - MEDIUM | 2017-07-07 | 2017-07-17 |
| CVE-2015-4352 | Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijac... | 5.8 - MEDIUM | 2015-06-15 | 2016-06-09 |
| CVE-2015-4351 | The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administrati... | 4.9 - MEDIUM | 2015-06-15 | 2016-06-09 |
| CVE-2015-4350 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to ... | 6.8 - MEDIUM | 2015-06-15 | 2016-06-09 |
| CVE-2015-2798 | SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL co... | 9.8 - CRITICAL | 2017-07-25 | 2017-08-10 |
| CVE-2015-2562 | Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow rem... | 7.5 - HIGH | 2015-03-20 | 2016-12-03 |
| CVE-2015-2196 | SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL com... | 7.5 - HIGH | 2015-03-03 | 2015-03-04 |
| CVE-2015-1582 | Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remot... | 4.3 - MEDIUM | 2015-02-11 | 2015-02-12 |
| CVE-2014-8584 | Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5... | 4.3 - MEDIUM | 2014-11-04 | 2014-12-11 |
Known software with vulnerabilities from Web-dorado
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Web-dorado | Contact Form | 1.13.5 |
| Application | Web-dorado | Contact Form Maker | 1.0.1 |
| Application | Web-dorado | Ecommerce Wd | 1.2.5 |
| Application | Web-dorado | Event Calendar Wd | 1.0.0 |
| Application | Web-dorado | Form Maker | 3.6.12 |
| Application | Web-dorado | Gallery Wd | 1.3.6 |
| Application | Web-dorado | Photo Gallery | 1.0.1 |
| Application | Web-dorado | Spider Calendar | 1.4.9 |
| Application | Web-dorado | Spider Catalog | 6.x-1.0 |
| Application | Web-dorado | Spider Event Calendar | 1.0.0 |
| Application | Web-dorado | Spider Facebook | 1.0.10 |
| Application | Web-dorado | Web-dorado Spider Video Player | 1.4.7 |
| Application | Web-dorado | Wp Form Builder | 1.0.0 |