Lucene search
WPScanCVE-2023-0816HistoryMar 27, 2023 - 4:15 p.m.
CVE-2023-0816
2023-03-2716:15:09
CWE-290
WPScan
web.nvd.nist.gov
65
cve-2023-0816
formidable forms
wordpress
plugin
ip address spoofing
anti-spam protections
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
39.8%
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.
Affected configurations
Node
strategy11formidable_form_builderRange<6.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| strategy11 | formidable_form_builder | * | cpe:2.3:a:strategy11:formidable_form_builder:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Formidable Forms",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "6.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Spoofing
2023-03-27 16:15:00
cvelist
cvelist
CVE-2023-0816 Formidable Forms < 6.1 - IP Spoofing
2023-03-27 15:37:17
wpexploit
wpexploit
Formidable Forms < 6.1 - IP Spoofing
2023-03-06 00:00:00
wpvulndb
wpvulndb
Formidable Forms < 6.1 - IP Spoofing
2023-03-06 00:00:00
openvas
openvas
nvd
nvd
CVE-2023-0816
2023-03-27 16:15:09
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
39.8%
Related for CVE-2023-0816