49 matches found
CVE-2022-0591
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users...
EUVD-2013-6970
Malware in sbrugna...
EUVD-2019-6185
Malware in sbrugna...
EUVD-2017-4654
Malware in sbrugna...
EUVD-2025-4807
Malicious code in bioql PyPI...
EUVD-2025-4801
Malicious code in bioql PyPI...
EUVD-2023-34066
Malicious code in bioql PyPI...
EUVD-2023-44160
Malicious code in bioql PyPI...
CVE-2023-22717
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in nCrafts FormCraft plugin = 1.2.6 versions...
CVE-2023-2592
The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2022-1647
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2019-15114
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF...
CVE-2024-13783
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...
CVE-2025-0817
The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2025-0817
The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-13783
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...
CVE-2024-13783
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...
CVE-2024-13783
CVE-2024-13783 affects the FormCraft WordPress plugin (all versions up to 3.9.11). The issue is a missing capability check in formcraft-main.php that allows authenticated users with Subscriber-level access and above to export all plugin data from form submissions. This is an unauthorized data acc...
CVE-2024-13783 FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...
CVE-2024-13783 FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...