Vulnerabilities > CVE-2022-0591 - Server-Side Request Forgery (SSRF) vulnerability in Subtlewebinc Formcraft3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |