Cross-Site Request Forgery in FormCraft Plugin for WordPress
CVE-2019-5920

8.8HIGH

Key Information:

Vendor

WordPress
Status
Formcraft
Vendor
CVE Published:
12 March 2019

What is CVE-2019-5920?

A Cross-Site Request Forgery (CSRF) vulnerability exists in FormCraft versions 1.2.1 and earlier, allowing remote attackers to exploit the plugin. By constructing a specially crafted webpage, attackers can manipulate authenticated sessions, compromising admin authentication and potentially taking control over the affected WordPress site. This vulnerability underscores the importance of ensuring secure user interactions and prompt updates for maintaining the integrity of WordPress environments.

Affected Version(s)

FormCraft 1.2.1 and earlier

References

https://wordpress.org/plugins/formcraft-form-builder/#dev...
x_refsource_MISC
http://jvn.jp/en/jp/JVN83501605/index.html
third-party-advisoryx_refsource_JVN
https://wpvulndb.com/vulnerabilities/9231
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.