13 matches found
Formcraft3 <3.8.28 - Server-Side Request Forgery
Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users. id: CVE-2022-0591 info: name: Formcraft3 <3.8.28 - Server-Side Request Forgery author: Akincibor,j4vaovo severit...
CVE-2017-18600
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field...
EUVD-2017-9713
Malware in sbrugna...
CVE-2022-0591 Formcraft3 < 3.8.28 - Unauthenticated SSRF
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users...
WordPress Formcraft3 premium plugin <= 3.8.27 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability
Unauthenticated Server-Side Request Forgery (SSRF) vulnerability discovered by Brandon James Roldan in WordPress Formcraft3 premium plugin (versions <= 3.8.27). Solution: Update the WordPress Formcraft3 premium plugin to the latest available version (at least 3.8.28)...
Formcraft3 < 3.8.28 - Unauthenticated SSRF
The plugin does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users. PoC: https://example.com/wp-admin/admin-ajax.php?action=formcraft3get&URL=https://wpscan.com...
Formcraft3 < 3.8.28 - Unauthenticated SSRF
The plugin does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users. https://example.com/wp-admin/admin-ajax.php?action=formcraft3get&URL=https://wpscan.com...
formcraft3 plugin for WordPress cross-site scripting vulnerability
The formcraft3 plugin for WordPress is a drag-and-drop form builder plugin for use in WordPress. A cross-site scripting vulnerability exists in formcraft3 plugin for WordPress versions prior to 3.4. The vulnerability stems from the web application failing to properly validate client-side data. An...
CVE-2017-18600
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field...
CVE-2017-18600
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field...
Design/Logic Flaw
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field...
CVE-2017-18600
The CVE-2017-18600 entry describes a stored XSS vulnerability in the FormCraft3 WordPress plugin prior to version 3.4, specifically via the New Form > Heading > Heading Text field. The root cause is insufficient validation/sanitization of client-side data, allowing injected script to run w...
CVE-2017-18600
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field...