WordPress Plugin Vulnerabilities

FormCraft - form.php id Parameter SQL Injection

Description

The formcraft WordPress plugin was affected by a form.php id Parameter SQL Injection security vulnerability.

Affects Plugins

Plugin icon
formcraft
No known fix

References

CVE
CVE-2017-13137
CVE
CVE-2013-7187
URL
https://packetstormsecurity.com/files/#143116/
URL
https://packetstormsecurity.com/files/#124343/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
f8c30255-5c27-4f58-9712-32fe824a1382

Timeline

Publicly Published
2013-12-08 (about 12 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
p1m media manager - SQL Injection
Published
2023-07-24
Title
Quasar form <= 6.1 - Subscriber+ SQLi
Published
2022-12-09
Title
Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi
Published
2025-11-18
Title
Community Events < 1.5.5 - Unauthenticated SQL Injection
Published
2019-05-22
Title
WP Booking System < 1.5.2 - CSRF to Authenticated SQL Injection