Unvalidated URL Parameter in FormCraft WordPress Plugin Leads to SSRF Vulnerability

Unvalidated URL Parameter in FormCraft WordPress Plugin Leads to SSRF Vulnerability

CVE-2022-0591 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users

Learn more about our Wordpress Pen Testing.