2 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10. The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'formcraft_basic_check' and 'formcraft_basic_check_form_page_access' functions in versions up to, and including, 1.2.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and preview forms. • https://patchstack.com/database/vulnerability/formcraft-form-builder/wordpress-formcraft-plugin-1-2-10-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The FormCraft plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the formcraft_nag_update AJAX nopriv_ function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to delay or disable update notifications. • CWE-862: Missing Authorization •