CVE-2024-13783

Name of the Vulnerable Software and Affected Versions FormCraft plugin for WordPress versions up to and including 3.9.11

Description The issue arises from a missing capability check in formcraft-main.php, allowing authenticated attackers with Subscriber-level access and above to export all plugin data. This data may contain sensitive information from form submissions.

Recommendations For FormCraft plugin for WordPress versions up to and including 3.9.11, update to a version higher than 3.9.11 to resolve the issue. As a temporary workaround, consider restricting access to the formcraft-main.php file to minimize the risk of exploitation.