PT-2022-13286 · WordPress · Formcraft

Brandon James Roldan +1

Published 2022-03-21 · Updated 2023-09-07

CVE-2022-0591

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: FormCraft WordPress plugin versions prior to 3.8.28

Description: The issue concerns the FormCraft WordPress plugin, where the URL parameter in the `formcraft3_get` AJAX action is not properly validated, leading to Server-Side Request Forgery (SSRF) issues. These issues can be exploited by unauthenticated users.

Recommendations: For versions prior to 3.8.28, update to version 3.8.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the `formcraft3_get` AJAX action to minimize the risk of exploitation.
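The temporary workaround above, as an added must-use plugin example written for this advisory (not FormCraft's own code or the vendor's fix): it refuses unauthenticated calls to the `formcraft3_get` AJAX action and, for authenticated callers, rejects URL values that resolve to loopback or private address space. The request parameter name (`url` or `URL`) is an assumption; `wp_http_validate_url()` and `wp_doing_ajax()` are WordPress core functions.

```php
<?php
/**
 * Plugin Name: Temporary guard for FormCraft formcraft3_get (CVE-2022-0591)
 * Description: Drop into wp-content/mu-plugins/ until FormCraft is updated to 3.8.28 or later.
 *
 * Added example, not FormCraft's own code. Assumes the request looks like
 * admin-ajax.php?action=formcraft3_get&URL=<target>; the parameter name is an assumption.
 */

add_action( 'admin_init', 'cve_2022_0591_guard_formcraft3_get', 0 );

function cve_2022_0591_guard_formcraft3_get() {
    // admin_init fires in admin-ajax.php before any wp_ajax_* / wp_ajax_nopriv_* handler runs,
    // so this check sits in front of the plugin's own handler without modifying the plugin.
    if ( ! wp_doing_ajax() ) {
        return;
    }
    $action = isset( $_REQUEST['action'] ) ? (string) $_REQUEST['action'] : '';
    if ( 'formcraft3_get' !== $action ) {
        return;
    }

    // Workaround from the advisory: no unauthenticated access to this action at all.
    if ( ! is_user_logged_in() ) {
        $remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        error_log( 'formcraft3_get blocked: unauthenticated request from ' . $remote );
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }

    // Defence in depth for logged-in users: only allow http(s) URLs whose host does not
    // resolve to loopback or RFC 1918 space. wp_http_validate_url() (core) performs that
    // check and returns false for such targets unless a filter explicitly allows them.
    foreach ( array( 'url', 'URL' ) as $key ) { // parameter name is an assumption
        if ( ! isset( $_REQUEST[ $key ] ) ) {
            continue;
        }
        $url = wp_unslash( (string) $_REQUEST[ $key ] );
        if ( false === wp_http_validate_url( $url ) ) {
            error_log( 'formcraft3_get blocked: rejected URL ' . $url );
            wp_die( 'Bad Request', 'Bad Request', array( 'response' => 400 ) );
        }
    }
}
```

The error_log lines give a simple detection signal for blocked attempts while the guard is in place; remove the file once the plugin is on 3.8.28 or later.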

Weakness Enumeration: SSRF

Related Identifiers: CVE-2022-0591

Affected Products: Formcraft