Vulnerabilities > Ncrafts > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-27 CVE-2023-2592 SQL Injection vulnerability in Ncrafts Formcraft
The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
network
low complexity
ncrafts CWE-89
7.2
7.2
2019-08-16 CVE-2019-15114 Cross-Site Request Forgery (CSRF) vulnerability in Ncrafts Formcraft
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.
network
low complexity
ncrafts CWE-352
8.8
8.8
2019-03-12 CVE-2019-5920 Cross-Site Request Forgery (CSRF) vulnerability in Ncrafts Formcraft
Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
network
low complexity
ncrafts CWE-352
8.8
8.8