WordPress plugin FormCraft cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress FormCraft Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)
Software: FormCraft. Type: Plugin. Vulnerable versions: <= 1.2.9. Fixed in: 1.2.10. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-22717. Patch priority: Low. CVSS severity: Low (6.5). PSID: 2506902e7f8e. Credits: István Márton. Required...
FormCraft <= 1.2.6 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress FormCraft plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. FormCraft is one of the form creation plugins used in it. WordPress plugin is an application plugin. WordPress FormCraft plugin versions prior to 1.2.6...
CVE-2022-1647
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress plugin FormCraft cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. FormCraft is one of the form creation plugins used in it. WordPress plugin is an application plugin. WordPress FormCraft plugin versions prior to 1.2.6...
CVE-2022-1647
CVE-2022-1647 affects the WordPress FormCraft Basic plugin (versions before 1.2.6). The root cause is failure to sanitize/escape Field Labels, enabling stored XSS by high-privilege users (e.g., admins) when saving labels. Exploitation results in JavaScript execution in pages/posts that embed the ...
CVE-2022-1647 FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload into a Field Label and save: The XSS will be triggered when accessing the form...
FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload into a Field Label and save: The XSS will be triggered when accessing the...
WordPress FormCraft Basic plugin <= 1.2.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Chiragh Arora in WordPress FormCraft Basic plugin versions <= 1.2.5. Solution: Update the WordPress FormCraft Basic plugin to the latest available version (at least 1.2.6)...
CVE-2022-0591
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users...
Design/Logic Flaw
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users...
CVE-2022-0591
FormCraft3 WordPress plugin versions prior to 3.8.28 are affected by an SSRF vulnerability. The issue stems from the formcraft3_get AJAX action not validating the URL parameter, allowing unauthenticated users to trigger server-side requests. Impact is described as SSRF with potential access to in...
WordPress plugin FormCraft code issue vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A code issue vulnerability previously existed in the WordPres...