CVE-2025-0817

The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2025-0817

The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2024-13783

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

CVE-2024-13783

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

CVE-2024-13783

CVE-2024-13783 affects the FormCraft WordPress plugin (all versions up to 3.9.11). The issue is a missing capability check in formcraft-main.php that allows authenticated users with Subscriber-level access and above to export all plugin data from form submissions. This is an unauthorized data acc...

CVE-2024-13783 FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

CVE-2024-13783 FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

CVE-2025-0817 FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2025-0817

CVE-2025-0817 affects the WordPress plugin FormCraft (WordPress) and is a Stored Cross-Site Scripting vulnerability via SVG file uploads. Root cause: insufficient input sanitization and output escaping for SVG uploads in all versions up to 3.9.11. Impact: unauthenticated attackers can inject web ...

CVE-2025-0817 FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

WordPress FormCraft plugin <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php vulnerability

Missing Authorization to Plugin Data Export in formcraft-main.php vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin FormCraft 3 versions = 3.9.11...

WordPress FormCraft - Premium WordPress Form Builder plugin <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

WordPress FormCraft - Premium WordPress Form Builder plugin = 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by shaman0x01 in WordPress Plugin FormCraft 3 versions = 3.9.11...

PT-2025-6610 · WordPress · Formcraft

Name of the Vulnerable Software and Affected Versions: FormCraft plugin for WordPress versions up to and including 3.9.11 Description: The issue arises from a missing capability check in formcraft-main.php, allowing authenticated attackers with Subscriber-level access and above to export all plug...

WordPress plugin FormCraft 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin FormCraft 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2023-47823

Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.7...

CVE-2023-47823 WordPress FormCraft – Contact Form Builder for WordPress plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.7...

CVE-2023-47823 WordPress FormCraft – Contact Form Builder for WordPress plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Formcrafts FormCraft formcraft-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through = 1.2.7...

PT-2024-13504 · Ncrafts · Formcraft

Name of the Vulnerable Software and Affected Versions: nCrafts FormCraft versions 1.2.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 1.2.7 and...

WordPress plugin FormCraft 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...