CVE-2022-0591: 
WordPress vulnerability analysis and mitigation

The FormCraft WordPress plugin (versions before 3.8.28) contains a Server-Side Request Forgery (SSRF) vulnerability identified as CVE-2022-0591. The vulnerability was discovered by Brandon James Roldan and publicly disclosed on February 28, 2022. This security issue affects the plugin's AJAX functionality, specifically in the formcraft3_get action, where the URL parameter is not properly validated (WPScan).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) issue with a CVSS score of 5.8 (medium severity). It is mapped to CWE-918 and falls under the OWASP Top 10 category A1: Injection. The vulnerability exists in the formcraft3_get AJAX action where the lack of URL parameter validation allows for potential SSRF attacks (WPScan).

The vulnerability allows unauthenticated users to perform Server-Side Request Forgery attacks against the affected WordPress installations. This means attackers can potentially make the server perform unauthorized requests to internal or external resources (NVD).

The vulnerability has been fixed in FormCraft version 3.8.28. Users are strongly advised to update their FormCraft plugin to this version or later to mitigate the security risk (WPScan).