Vulnerabilities > Ncrafts > Formcraft > 3.9.7

DATE CVE VULNERABILITY TITLE RISK
2025-02-18 CVE-2024-13783 Missing Authorization vulnerability in Ncrafts Formcraft
The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11.
network
low complexity
ncrafts CWE-862
4.3
4.3
2025-02-18 CVE-2025-0817 Cross-site Scripting vulnerability in Ncrafts Formcraft
The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping.
network
low complexity
ncrafts CWE-79
6.1
6.1