← Back

Formcraft3

formcraft3

Vendor: Subtlewebinc • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-0591
1Subtlewebinc
1Formcraft3
Nov 21, 2024
Mar 21, 2022
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users