Vulnerabilities for 'Formcraft'

2022-06-08
 
CVE-2022-1647

CWE-79
 

 
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

 
2019-09-10
 
CVE-2017-18600

CWE-79
 

 
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.

 
2019-08-16
 
CVE-2019-15114

CWE-352
 

 
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.

 
2019-03-12
 
CVE-2019-5920

 

 
Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.

 
2013-12-20
 
CVE-2013-7187

CWE-89
 

 
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

 


Copyright 2024, cxsecurity.com

 
