2019-08-22 15:15:12 2019-08-23 20:51:39

The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.