Vulnerabilities > CVE-2022-0591 - Unspecified vulnerability in Subtlewebinc Formcraft3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |