All 9 CVE vulnerabilities found in FormCraft, with AI-generated Chinese analysis, references, and POCs.
Vendor: nCrafts
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-13783 | FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php CWE-862 | 4.3 | Medium | 2025-02-18 |
| CVE-2025-0817 | FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload CWE-79 | 7.2 | High | 2025-02-18 |
| CVE-2023-47823 | WordPress FormCraft – Contact Form Builder for WordPress plugin <= 1.2.7 - Broken Access Control vulnerability CWE-862 | 5.3 | Medium | 2024-12-09 |
| CVE-2024-43157 | WordPress FormCraft plugin <= 1.2.10 - Broken Access Control vulnerability CWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2023-3501 | FormCraft < 1.2.7 - Admin+ Stored XSS | 4.8 | - | 2023-08-30 |
| CVE-2023-2592 | FormCraft Premium < 3.9.7 - Admin+ SQLi | 7.2 | - | 2023-06-27 |
| CVE-2023-22717 | WordPress FormCraft Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS) CWE-79 | 6.5 | Medium | 2023-05-15 |
| CVE-2022-0591 | Formcraft3 < 3.8.28 - Unauthenticated SSRF CWE-918 | 9.1 | - | 2022-03-21 |
| CVE-2019-5920 | WordPress FormCraft 跨站请求伪造漏洞 | 8.8 | - | 2019-03-12 |
All 9 known CVE vulnerabilities affecting FormCraft with full Chinese analysis, references, and POCs where available.