VYPR

Ultimate Form Builder Lite

by Accesspress Themes

Source repositories

CVEs (2)

  • CVE-2017-15919CriOct 26, 2017
    risk 0.64cvss 9.8epss 0.02

    The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.

  • CVE-2018-25352HigMay 23, 2026
    risk 0.46cvss 7.1epss 0.00

    WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the…