High severity7.1NVD Advisory· Published May 23, 2026· Updated May 26, 2026
CVE-2018-25352
CVE-2018-25352
Description
WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint with the ufbl_get_entry_detail_action action to extract, modify, or escalate privileges within the WordPress database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=1.3.7
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.