formcraft vulnerabilities and exploits

6.8
CVSSv2
CVE-2019-15114

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF....

7.5
CVSSv2
CVE-2017-13137

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php....

7.5
CVSSv2
CVE-2013-7187

SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter....

NcraftsFormcraft
6.8
CVSSv2
CVE-2019-5920

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page....

3.5
CVSSv2
CVE-2017-18600

The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field....

6.8
CVSSv2
CVE-2019-6340

If you are using Drupal 8.6.x, upgrade to Drupal 8.6.10. If you are using Drupal 8.5.x or earlier, upgrade to Drupal 8.5.11. Be sure to install any available security updates for contributed projects after updating Drupal core. No core update is required for Drupal 7, but...

Drupal