CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score Confidence: High

EPSS Percentile: 20.5%

The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites.
Vendor | Product | Version | CPE |
---|---|---|---|
strategy11 | formidable_form_builder | * | cpe:2.3:a:strategy11:formidable_form_builder:*:*:*:*:*:wordpress:*:* |
[
  {
    "vendor": "sswells",
    "product": "Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "6.7",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]