CyberSec.Space Logo
Back to CVE Browser

CVE-2013-7187

HIGH
7.5
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile39.52th
PublishedDec 20, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected Platforms (CPE)

πŸ“¦
Ncrafts

Formcraft

<= 1.3.7
πŸ“¦
Ncrafts

Formcraft

= 1.1
πŸ“¦
Ncrafts

Formcraft

= 1.2
πŸ“¦
Ncrafts

Formcraft

= 1.2.1
πŸ“¦
Ncrafts

Formcraft

= 1.3
πŸ“¦
Ncrafts

Formcraft

= 1.3.1
πŸ“¦
Ncrafts

Formcraft

= 1.3.2
πŸ“¦
Ncrafts

Formcraft

= 1.3.3
πŸ“¦
Ncrafts

Formcraft

= 1.3.4
πŸ“¦
Ncrafts

Formcraft

= 1.3.5
πŸ“¦
Ncrafts

Formcraft

= 1.3.6

References & Advisories

πŸ”— http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt
πŸ”— http://secunia.com/advisories/56044
πŸ”— http://www.exploit-db.com/exploits/30002
πŸ”— http://www.securityfocus.com/bid/64183
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/89581
πŸ”— http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt
πŸ”— http://secunia.com/advisories/56044
πŸ”— http://www.exploit-db.com/exploits/30002

Related Vulnerabilities

CVE-2017-131379.8

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.

CVE-2019-59208.8

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authenticatio...

CVE-2019-151148.8

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2013-7187 Detail & Impact Analysis | CVSS 7.5 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space