7 matches found
FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload into a Field Label and save: The XSS will be triggered when accessing the form...
FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload into a Field Label and save: The XSS will be triggered when accessing the...
WordPress FormCraft Basic Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language. It supports setting up a personal blog site on servers running PHP and MySQL. The FormCraft Basic plugin is one of its form-creation plugins. A SQL injection vulnerability exists in version 1.0...
SQL injection
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php...
CVE-2017-13137
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php...
CVE-2017-13137
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php...
WordPress FormCraft Basic 1.0.5 SQL Injection
Exploit Title: FormCraft Basic v1.0.5 blind and header sql injection Google Dork: inurl: /formcraft -- inurl:formcraft/form.php Software Link: formcraft-wp.com Date: 05/07/2017 Exploit Author: Seyyed Amir Hossein Mir Hosseini Root & r0m3r0 Version: v1.0.5 Tested on: wordpress sites and CentOS...