Vulnerability Details CVE-2022-0591
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users
Exploit prediction scoring system (EPSS) score
EPSS Score 0.83
EPSS Ranking 99.2%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
Products affected by CVE-2022-0591
-
cpe:2.3:a:subtlewebinc:formcraft3:*