151 matches found
WordPress plugin FormCraft cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
FormCraft < 1.2.7 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. There are two XSS issues: Example A: ...
FormCraft < 1.2.7 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: There are two XSS issues: Example...
CVE-2023-2592
The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
SQL injection
The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-2592
CVE-2023-2592 affects FormCraft Premium for WordPress, prior to version 3.9.7. Root cause: improper sanitization/escaping of a parameter before using it in an SQL statement. Impact: SQL injection that is exploitable by high-privilege users (e.g., admin). Mitigation: update to 3.9.7 or later (vuln...
CVE-2023-2592 FormCraft Premium < 3.9.7 - Admin+ SQLi
The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
PT-2023-20361 · WordPress · Formcraft
Name of the Vulnerable Software and Affected Versions: FormCraft WordPress plugin versions prior to 3.9.7 Description: The issue arises from improper sanitization and escaping of a parameter before its use in a SQL statement, resulting in a SQL injection that can be exploited by high-privilege...
WordPress plugin FormCraft Premium SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
WordPress FormCraft Plugin < 3.9.7 is vulnerable to SQL Injection
Software: FormCraft; Type: Plugin; Vulnerable versions: < 3.9.7; Fixed in: 3.9.7; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-2592; Patch priority: Low; CVSS severity: Low 7.6; PSID: 4553fd584eff; Credits: Chien Vuong; Required privilege: Administrator; Published: 22...
FormCraft Premium < 3.9.7 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC 1. View the plugin settings and intercept the request and add the payload sortOrder=ASC%2cselectfromselectsleep20a 2...
FormCraft Premium < 3.9.7 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 1. View the plugin settings and intercept the request and add the payload sortOrder=ASC%2cselectfromselectsleep20a 2. See...
CVE-2023-22717
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions...
CVE-2023-22717 WordPress FormCraft Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions...
CVE-2023-22717
CVE-2023-22717 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin FormCraft (nCrafts FormCraft), affecting versions up to and including 1.2.6. The vulnerability requires at least a Contributor+ authentication level and can be triggered through stored input, leading to ...
PT-2023-18660 · Unknown · Ncrafts Formcraft
Name of the Vulnerable Software and Affected Versions: nCrafts FormCraft plugin versions 1.2.6 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by contributors or users with higher authentication levels. The...