Lucene search
WPScanCVELIST:CVE-2023-2877HistoryJun 27, 2023 - 1:17 p.m.
CVE-2023-2877 Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
2023-06-2713:17:12
WPScan
www.cve.org
cve-2023-2877
formidable forms
wordpress plugin
subscriber+
remote code execution
0.002 Low
EPSS
Percentile
60.1%
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Formidable Forms",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "6.3.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
2023-06-05 00:00:00
githubexploit
githubexploit
Exploit for CVE-2023-2877
2023-06-28 10:34:08
wpexploit
wpexploit
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
2023-06-05 00:00:00
nvd
nvd
CVE-2023-2877
2023-06-27 14:15:11
cve
cve
CVE-2023-2877
2023-06-27 14:15:11
prion
prion
Remote code execution
2023-06-27 14:15:00
openvas
openvas
WordPress Formidable Forms Plugin < 6.3.1 RCE Vulnerability
2023-06-29 00:00:00