SQL Injection Vulnerability in FormCraft Basic Plugin for WordPress
CVE-2017-13137

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Formcraft
Vendor: CVE Published:; 23 August 2017

Summary

The FormCraft Basic plugin, version 1.0.5 for WordPress, is susceptible to an SQL injection vulnerability due to improper handling of the 'id' parameter in the form.php file. This flaw could allow attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data stored in the database. It is crucial for users of this plugin to apply necessary patches and mitigate risks associated with this security issue.

References

https://packetstormsecurity.com/files/143116/WordPress-Fo...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2017
Vulnerability Reserved
Aug 22, 2017