cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-3501,https://securityvulnerability.io/vulnerability/CVE-2023-3501,FormCraft < 1.2.7 - Admin+ Stored XSS,"The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,FormCraft,4.8,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-08-30T15:15:00.000Z,0
CVE-2023-2592,https://securityvulnerability.io/vulnerability/CVE-2023-2592,FormCraft Premium < 3.9.7 - Admin+ SQLi,"The FormCraft WordPress plugin prior to version 3.9.7 suffers from a SQL injection vulnerability due to inadequate sanitization and escaping of user-supplied parameters. This flaw allows high privilege users, such as administrators, to exploit the vulnerability, potentially compromising the integrity and security of the database. It is essential for users of the affected plugin to upgrade to the latest version and review their security posture to protect against potential threats.",Wordpress,Formcraft,7.2,HIGH,0.0009399999980814755,false,,false,false,false,,false,false,2023-06-27T14:15:00.000Z,0
CVE-2022-1647,https://securityvulnerability.io/vulnerability/CVE-2022-1647,FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting,"The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.",Wordpress,Formcraft – Contact Form Builder For WordPress,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-06-06T08:51:13.000Z,0
CVE-2022-0591,https://securityvulnerability.io/vulnerability/CVE-2022-0591,Formcraft3 < 3.8.28 - Unauthenticated SSRF,"The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users",Wordpress,Formcraft,9.1,CRITICAL,0.026920000091195107,false,,false,false,true,true,false,false,2022-03-21T18:55:48.000Z,0
CVE-2017-18600,https://securityvulnerability.io/vulnerability/CVE-2017-18600,,"The formcraft3 plugin before 3.4 for WordPress has stored XSS via the ""New Form > Heading > Heading Text"" field.",Wordpress,Formcraft,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2019-09-10T11:01:21.000Z,0
CVE-2019-15114,https://securityvulnerability.io/vulnerability/CVE-2019-15114,,The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.,Wordpress,Formcraft,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,false,false,2019-08-16T20:18:44.000Z,0
CVE-2017-13137,https://securityvulnerability.io/vulnerability/CVE-2017-13137,,The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.,Wordpress,Formcraft,9.8,CRITICAL,0.00546000013127923,false,,false,false,false,,false,false,2017-08-23T14:00:00.000Z,0
CVE-2013-7187,https://securityvulnerability.io/vulnerability/CVE-2013-7187,,SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.,Wordpress,Formcraft,,,0.001829999964684248,false,,false,false,false,,false,false,2013-12-20T23:00:00.000Z,0