CyberSec.Space Logo
Back to CVE Browser

CVE-2017-13137

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile3.45th
PublishedAug 23, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.

Affected Platforms (CPE)

📦
Formcrafts

Formcraft

= 1.0.5

References & Advisories

🔗 https://packetstormsecurity.com/files/143116/WordPress-FormCraft-Basic-1.0.5-SQL-Injection.html
🔗 https://packetstormsecurity.com/files/143116/WordPress-FormCraft-Basic-1.0.5-SQL-Injection.html

Related Vulnerabilities

CVE-2019-59208.8

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authenticatio...

CVE-2019-151148.8

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.

CVE-2013-71877.5

SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute...

CVE-2017-379110.0

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication ...