13 matches found
Formcraft3 <3.8.28 - Server-Side Request Forgery
Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users. id: CVE-2022-0591 info: name: Formcraft3 3.8.28 - Server-Side Request Forgery author: Akincibor,j4vaovo severit...
CVE-2017-18600
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form Heading Heading Text" field...
EUVD-2017-9713
Malware in sbrugna...
CVE-2022-0591 Formcraft3 < 3.8.28 - Unauthenticated SSRF
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users...
Formcraft3 < 3.8.28 - Unauthenticated SSRF
The plugin does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users. PoC: https://example.com/wp-admin/admin-ajax.php?action=formcraft3get&URL=https://wpscan.com...
WordPress Formcraft3 premium plugin <= 3.8.27 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability
Unauthenticated Server-Side Request Forgery (SSRF) vulnerability discovered by Brandon James Roldan in WordPress Formcraft3 premium plugin versions <= 3.8.27. Solution: Update the WordPress Formcraft3 premium plugin to the latest available version (at least 3.8.28)...
Formcraft3 < 3.8.28 - Unauthenticated SSRF
The plugin does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=formcraft3get&URL=https://wpscan.com...
formcraft3 plugin for WordPress cross-site scripting vulnerability
The formcraft3 plugin for WordPress is a drag-and-drop form builder plugin. A cross-site scripting vulnerability exists in formcraft3 plugin for WordPress versions prior to 3.4. The vulnerability stems from the web application failing to properly validate client-side data. An...
CVE-2017-18600
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form Heading Heading Text" field...
CVE-2017-18600
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form Heading Heading Text" field...
Design/Logic Flaw
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form Heading Heading Text" field...
CVE-2017-18600
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form Heading Heading Text" field...
CVE-2017-18600
The CVE-2017-18600 entry describes a stored XSS vulnerability in the FormCraft3 WordPress plugin prior to version 3.4, specifically via the New Form > Heading > Heading Text field. The root cause is insufficient validation/sanitization of client-side data, allowing injected script to run w...