What is CVE-2022-0591?

CVE-2022-0591 is a vulnerability in Formcraft, classified under Server-Side Request Forgery (SSRF). Published 2022-03-21.

Is CVE-2022-0591 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SSRF in Formcraft

CVE-2022-0591

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.879 (99.5th percentile) — read the EPSS interpretation.

Affected products

Unknown Formcraft — versions 3.8.28

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

Public proof-of-concept exploits

im-hanzou/FC3er
20142995/nuclei-templates
20142995/sectool
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
nomi-sec/PoC-in-GitHub

References

wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0591?: CVE-2022-0591 is a vulnerability in Formcraft, classified under Server-Side Request Forgery (SSRF). Published 2022-03-21.
Is CVE-2022-0591 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.