exploitDog

CVE-2024-13783

Опубликовано: 18 фев. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin data which may contain sensitive information from form submissions.

Ссылки

https://codecanyon.net/item/formcraft-premium-wordpress-form-builder/5335056
Product
https://formcraft-wp.com/changelog/
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/f7b45b1d-7ed6-4382-b69c-45ea45e4d0db?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ncrafts:formcraft:*:*:*:*:*:wordpress:*:*

Версия до 3.9.12 (исключая)

EPSS

Процентиль: 30%

0.00113

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-526h-jq57-957j

CVSS3: 4.3

github

12 месяцев назад

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin data which may contain sensitive information from form submissions.

EPSS

Процентиль: 30%

0.00113

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862