Formcraft

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-0817 HIGH This Week

The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Formcraft PHP
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-13783 MEDIUM This Month

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Authentication Bypass Formcraft
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0817
EPSS 1% CVSS 7.2
HIGH This Week

The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Formcraft +1
NVD
CVE-2024-13783
EPSS 0% CVSS 4.3
MEDIUM This Month

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Authentication Bypass +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy