• Seeing many attempts at accessing our site from varying i/p addresses by way of this plugin which we do not have installed.

    3:22 pm plugins/formcraft/file-upload/server/content/upload.php

    WP-CERBER is doing its job, but I’ve seen 3 different i/p addresses try and access this file.

    Is your plugin a backend for site attacks?

Viewing 3 replies - 1 through 3 (of 3 total)
  • This worries me. Apparently it’s true for version 2.0 of FormCraft with all WordPress till 5.4: https://packetstormsecurity.com/files/152122/WordPress-FormCraft-2.0-CSRF-Shell-Upload.html

    Does this also apply to FormCraft Basic Version 1.2.6? I currently have it installed on WordPress 6.2….

    I see that currently only the Premium version has file upload as a feature, the feature that is compromised (dangerous file types can be uploaded, creating a shell). So I guess the exploit does not apply to the basic version?

    It says this with the Premium features:

    Accept File Uploads

    Add a multi-file upload field, allow your users to upload files.

    I did check the exploit link for the latest version, and apparently there is nothing at this address.

    https://www.your-website.com/wp-content/plugins/formcraft-form-builder/file-upload/server/content/upload.php

    There is no File Upload folder in there apparently with the basic version. And the name has changed from “formcraft” to “formcraft-form-builder”, which probably helps reduce the amount of malicious traffic trying at that address.

    Plugin Author Formcrafts

    (@nishncraftsnet)

    I can’t comment on why bots are still trying to access that file, since it doesn’t exist. FormCraft premium (which was originally the exploited plugin) does not have this file, and the fix for the exploit above was implemented years ago.

    FormCraft Basic (the plugin being discussed here) hasn’t had this issue.

  • The topic ‘Seeing many attempts at accessing our site’ is closed to new replies.
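
A defender's check for the probes described in this thread, as an added example that is not part of the original posts or of the plugin's code: it scans a web access log for requests to the FormCraft `upload.php` path under either plugin slug, counts them per source address, and flags any request that received a non-error response. The common log format and every sample line (including the 200 response) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# The probed path from the thread, under either plugin slug mentioned there.
PROBE = re.compile(
    r"/plugins/(formcraft(?:-form-builder)?)/file-upload/server/content/upload\.php",
    re.IGNORECASE,
)
# Common/combined log format: ip ident user [time] "METHOD path proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2023:15:22:01 +0000] "POST /wp-content/plugins/formcraft/file-upload/server/content/upload.php HTTP/1.1" 404 512 "-" "-"
198.51.100.23 - - [10/May/2023:15:22:40 +0000] "GET /wp-content/plugins/formcraft/file-upload/server/content/upload.php HTTP/1.1" 403 199 "-" "-"
192.0.2.55 - - [10/May/2023:15:23:05 +0000] "POST /wp-content/plugins/formcraft-form-builder/file-upload/server/content/upload.php HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [10/May/2023:15:24:11 +0000] "GET /wp-login.php HTTP/1.1" 200 4021 "-" "-"
192.0.2.55 - - [10/May/2023:15:25:30 +0000] "POST /wp-content/plugins/formcraft/file-upload/server/content/upload.php HTTP/1.1" 200 31 "-" "-"
"""

def summarize_probes(log_text):
    """Return (probe hits per IP, probes that got a non-error answer)."""
    per_ip = defaultdict(list)
    answered = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not in common log format
        ip, when, method, path, status = m.groups()
        if not PROBE.search(path):
            continue  # unrelated request
        status = int(status)
        per_ip[ip].append((when, method, status))
        # 403/404: the request was blocked or nothing exists at that path.
        # 2xx/3xx: something answered there, so the install needs inspection.
        if status < 400:
            answered.append((ip, when, method, path, status))
    return dict(per_ip), answered

if __name__ == "__main__":
    per_ip, answered = summarize_probes(SAMPLE_LOG)
    for ip, hits in sorted(per_ip.items()):
        statuses = sorted({s for _, _, s in hits})
        print(f"{ip}: {len(hits)} probe(s), statuses {statuses}")
    for hit in answered:
        print("INVESTIGATE:", hit)
```

Probes that only ever return 403 or 404 match what the thread describes: scanners requesting a file that is not present on the site.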