SQL Injection in Ncrafts Formcraft

CVE-2013-7187

SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vulnerability class: SQL Injection

EPSS: 0.048 (90.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2013-7187?
CVE-2013-7187 is a vulnerability in Ncrafts Formcraft, classified under SQL Injection. Published 2013-12-20.
Is CVE-2013-7187 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.