CVE-2024-43157 – WordPress FormCraft plugin <= 1.2.10 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43157
Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10. The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'formcraft_basic_check' and 'formcraft_basic_check_form_page_access' functions in versions up to, and including, 1.2.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and preview forms. • https://patchstack.com/database/vulnerability/formcraft-form-builder/wordpress-formcraft-plugin-1-2-10-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-47823 – FormCraft <= 1.2.7 - Missing Authorization via formcraft_nag_update
https://notcve.org/view.php?id=CVE-2023-47823
The FormCraft plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the formcraft_nag_update AJAX nopriv_ function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to delay or disable update notifications. • CWE-862: Missing Authorization •