3 matches found
CVE-2023-2592
CVE-2023-2592 affects FormCraft Premium for WordPress, prior to version 3.9.7. Root cause: improper sanitization/escaping of a parameter before using it in an SQL statement. Impact: SQL injection that is exploitable by high-privilege users (e.g., admin). Mitigation: update to 3.9.7 or later (vuln...
CVE-2023-2592 FormCraft Premium < 3.9.7 - Admin+ SQLi
The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
WordPress FormCraft Plugin < 3.9.7 is vulnerable to SQL Injection
Software FormCraft Type Plugin Vulnerable versions 3.9.7 Fixed in 3.9.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2592 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 4553fd584eff Credits Chien Vuong Required privilege Administrator Published 22...