CVE ID :CVE-2018-25352 Published : May 23, 2026, 6:30 p.m. | 1 hour, 50 minutes ago Description :WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint with the ufbl_get_entry_detail_action action to extract, modify, or escalate privileges within the WordPress database. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...