CVE-2024-43157

Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10...

CVE-2024-43157

Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10...

CVE-2024-43157 WordPress FormCraft plugin <= 1.2.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10...

CVE-2024-43157

CVE-2024-43157 (WordPress FormCraft) is documented in multiple sources with concrete technical details in connected docs: FormCraft (WordPress Form Builder) versions 1.2.10 and earlier are affected by a Missing Authorization vulnerability due to incorrectly configured access control. The issue is...

CVE-2024-43157 WordPress FormCraft plugin <= 1.2.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10...

WordPress plugin FormCraft 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-30348 · Ncrafts · Formcraft

Name of the Vulnerable Software and Affected Versions: nCrafts FormCraft versions 1.2.10 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 1.2.10 and...

WordPress FormCraft plugin <= 1.2.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin FormCraft versions = 1.2.10...

WordPress FormCraft Plugin <= 1.2.10 is vulnerable to Broken Access Control

Software FormCraft Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43157 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1cdc8206182d Credits Manab Jyoti Dowarah Required...

SUSE CVE-2023-3501

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

FormCraft < 1.2.8 - Missing Authorization via formcraft_nag_update

Description The FormCraft plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the formcraftnagupdate AJAX nopriv function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to delay or disable upda...

WordPress FormCraft Plugin <= 1.2.7 is vulnerable to Broken Access Control

Software FormCraft Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47823 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b3e4d71e8cf4 Credits Abdi Pranata Required privilege...

VulnCheck KEV: CVE-2022-0591

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users...

CVE-2023-3501

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-3501

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-3501 FormCraft < 1.2.7 - Admin+ Stored XSS

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-3501 FormCraft < 1.2.7 - Admin+ Stored XSS

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-3501

CVE-2023-3501 affects the FormCraft WordPress plugin prior to 1.2.7. The issue is insufficient sanitisation/escaping of certain settings, enabling a Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Reported impact is stored XSS with...

PT-2023-25093 · WordPress · Formcraft

Name of the Vulnerable Software and Affected Versions: FormCraft WordPress plugin versions prior to 1.2.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for...