Ncrafts Formcraft

11 CVEs affecting Ncrafts Formcraft. Latest disclosed: 2025-02-18. Critical: 0, High: 4.

Top CVEs affecting Ncrafts Formcraft
CVESeverityScorePublishedSummary
CVE-2019-15114High8.82019-08-16The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.
CVE-2019-5920High8.82019-03-12Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a spe…
CVE-2025-0817High7.22025-02-18The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insuff…
CVE-2023-2592High7.22023-06-27The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection ex…
CVE-2023-22717Medium6.52023-05-15Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions.
CVE-2017-18600Medium5.42019-09-10The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.
CVE-2023-47823Medium5.32024-12-09Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft…
CVE-2022-1647Medium4.82022-06-08The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Script…
CVE-2024-13783Medium4.32025-02-18The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to…
CVE-2024-43157Medium4.32024-11-01Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft…
CVE-2013-71872013-12-20SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via t…