返回 CVE 瀏覽器

CVE-2019-5920

HIGH

8.8

CVSS Severity Score

EPSS Score0.0960%

EPSS Percentile40.24th

Published2019年3月12日

Last Modified2024年11月21日

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.

Affected Platforms (CPE)

📦

Ncrafts

Formcraft

<= 1.2.1

References & Advisories

🔗 http://jvn.jp/en/jp/JVN83501605/index.html

🔗 https://wordpress.org/plugins/formcraft-form-builder/#developers

🔗 https://wpvulndb.com/vulnerabilities/9231

🔗 http://jvn.jp/en/jp/JVN83501605/index.html

🔗 https://wordpress.org/plugins/formcraft-form-builder/#developers

🔗 https://wpvulndb.com/vulnerabilities/9231

相關漏洞威脅

CVE-2017-131379.8

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.

CVE-2019-151148.8

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.

CVE-2013-71877.5

SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute...

CVE-2019-1467810.0

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. ...