• Seeing many attempts at accessing our site from varying i/p addresses by way of this plugin which we do not have installed.

    3:22 pm plugins/formcraft/file-upload/server/content/upload.php

    WP-CERBER is doing it’s job, but I’ve seen 3 different i/p address try and access this file.

    Is your plugin a backend for site attacks?

Viewing 3 replies - 1 through 3 (of 3 total)
  • This worries me. Apparently it’s true for version 2.0 of Formcraft with all WordPress till 5.4: https://packetstormsecurity.com/files/152122/WordPress-FormCraft-2.0-CSRF-Shell-Upload.html

    Does this also apply to FormCraft Basic Version 1.2.6? I currently have it installed on WordPress 6.2….

    I see that currently only the Premium version has file upload as a feature, the feature that is compromised (dangerous file types can be uploaded, creating a shell). So I guess the exploit does not apply to the basic version?

    It says this with the Premium features:

    Accept File Uploads

    Add a multi-file upload field, allow your users to upload files.

    I did check the exploit link for the latest version, and apparently there is nothing at this address.


    There is no File Upload folder in there apparently with the basic version. And the name has changed from “formcraft” to “formcraft-form-builder”, which probably helps reduce the amount of malicious traffic trying at that address.

    Plugin Author Formcrafts


    I can’t comment on why bots are still trying to access that file, since it doesn’t exist. FormCraft premium (which was originally the exploited plugin) does not have this file, and the fix for the exploit above was implemented years ago.

    FormCraft Basic (the plugin being discussed here) hasn’t had this issue.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Seeing many attempts at accessing our site’ is closed to new replies.