CVE-2013-7187 — CVSS 7.5 (high): SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute…
CVE-2025-0817 — CVSS 7.2 (high): The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including…
CVE-2023-2592 — CVSS 7.2 (high): The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading…
CVE-2017-18600 — CVSS 5.4 (medium): The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.
CVE-2022-1647 — CVSS 4.8 (medium): The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to…
CVE-2024-13783 — CVSS 4.3 (medium): The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in…