CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5920

HIGH
8.8
CVSS Severity Score
EPSS Score0.0960%
EPSS Percentile40.24th
PublishedMar 12, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.

Affected Platforms (CPE)

πŸ“¦
Ncrafts

Formcraft

<= 1.2.1

References & Advisories

πŸ”— http://jvn.jp/en/jp/JVN83501605/index.html
πŸ”— https://wordpress.org/plugins/formcraft-form-builder/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9231
πŸ”— http://jvn.jp/en/jp/JVN83501605/index.html
πŸ”— https://wordpress.org/plugins/formcraft-form-builder/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9231

Related Vulnerabilities

CVE-2017-131379.8

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.

CVE-2019-151148.8

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.

CVE-2013-71877.5

SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.