FormCraft – Contact Form Builder for WordPress

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > FormCraft – Contact Form Builder for WordPress

Information

Software Type	Plugin
Software Slug	formcraft-form-builder (view on wordpress.org)
Software Status	Active
Software Author	nishncraftsnet
Software Website	ncrafts.net
Software Downloads	99,395
Software Active Installs	4,000
Software Record Last Updated	October 2, 2023

8 vulnerabilities

FormCraft <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-3501

Aug 2, 2023

Researcher: Sayandeep Dutta

FormCraft Premium <= 3.9.6 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-2592

Jun 5, 2023

Researcher: Chien Vuong

FormCraft <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via fcb shortcode

6.4

CVE-2023-22717

Apr 19, 2023

Researcher: Lana Codes

FormCraft Basic <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-1647

May 16, 2022

Researcher: Chiragh Arora

Formcraft3 <= 3.8.27 - Server Side Request Forgery

9.1

CVE-2022-0591

Feb 28, 2022

Researcher: Brandon James Roldan

FormCraft <= 1.2.1 - Cross-Site Request Forgery

8.8

CVE-2019-5920

Feb 26, 2019

Researcher: Masaki Saito

FormCraft <= 1.2.1 - Cross-Site Request Forgery

8.8

CVE-2019-15114

Feb 26, 2019

Researcher: Masaki Saito

FormCraft Basic 1.0.5 - SQL Injection via id Parameter

9.8

CVE-2017-13137

Jul 5, 2017

Researchers: Seyyed Amir Hossein Mir Hosseini, r0m3r0

Title	CVE ID	CVSS	Researchers	Date
FormCraft <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-3501	4.4	Sayandeep Dutta	August 2, 2023
FormCraft Premium <= 3.9.6 - Authenticated(Administrator+) SQL Injection	CVE-2023-2592	6.6	Chien Vuong	June 5, 2023
FormCraft <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via fcb shortcode	CVE-2023-22717	6.4	Lana Codes	April 19, 2023
FormCraft Basic <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-1647	5.5	Chiragh Arora	May 16, 2022
Formcraft3 <= 3.8.27 - Server Side Request Forgery	CVE-2022-0591	9.1	Brandon James Roldan	February 28, 2022
FormCraft <= 1.2.1 - Cross-Site Request Forgery	CVE-2019-5920	8.8	Masaki Saito	February 26, 2019
FormCraft <= 1.2.1 - Cross-Site Request Forgery	CVE-2019-15114	8.8	Masaki Saito	February 26, 2019
FormCraft Basic 1.0.5 - SQL Injection via id Parameter	CVE-2017-13137	9.8	Seyyed Amir Hossein Mir Hosseini, r0m3r0	July 5, 2017

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation