SQL Injection Vulnerability in FormCraft Plugin for WordPress
CVE-2013-7187

Currently unrated

Key Information:

Vendor: Wordpress
Status: Formcraft
Vendor: CVE Published:; 20 December 2013

Summary

The FormCraft plugin for WordPress contains a SQL injection vulnerability in the form.php file that can be exploited by remote attackers. By manipulating the 'id' parameter, an attacker can execute arbitrary SQL commands against the database. This could lead to unauthorized data access, data manipulation, or even complete database compromise. Users of affected versions are strongly advised to update the plugin to mitigate potential security risks.

References

http://packetstormsecurity.com/files/124343/wpformcraft-s...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/89581

vdb-entryx_refsource_XF

http://www.exploit-db.com/exploits/30002

exploitx_refsource_EXPLOIT-DB

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 20, 2013
Vulnerability Reserved
Dec 20, 2013