7 matches found
FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload into a Field Label and save: The XSS will be triggered when accessing the...
FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload into a Field Label and save: The XSS will be triggered when accessing the form...
WordPress FormCraft Basic Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. FormCraft Basic is one of its form creation plugins. A SQL injection vulnerability exists in version 1.0...
CVE-2017-13137
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php...
SQL injection
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php...
CVE-2017-13137
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php...
WordPress FormCraft Basic 1.0.5 SQL Injection
Exploit Title: FormCraft Basic v1.0.5 blind and header sql injection Google Dork: inurl: /formcraft -- inurl:formcraft/form.php Software Link: formcraft-wp.com Date: 05/07/2017 Exploit Author: Seyyed Amir Hossein Mir Hosseini Root & r0m3r0 Version: v1.0.5 Tested on: wordpress sites and CentOS...