EUVD-2023-59046

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Formidable Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to weak input sanitization.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2023-6842	9 Jan 202408:26	–	circl
CNNVD	WordPress Plugin Formidable Forms Security Vulnerability	9 Jan 202400:00	–	cnnvd
CVE	CVE-2023-6842	9 Jan 202406:41	–	cve
Cvelist	CVE-2023-6842 Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	9 Jan 202406:41	–	cvelist
NVD	CVE-2023-6842	9 Jan 202407:15	–	nvd
OSV	CVE-2023-6842	9 Jan 202407:15	–	osv
Patchstack	WordPress Formidable Forms Plugin <= 6.7 is vulnerable to Cross Site Scripting (XSS)	9 Jan 202400:00	–	patchstack
Prion	Cross site scripting	9 Jan 202407:15	–	prion
Positive Technologies	PT-2024-15106 · WordPress · Formidable Forms	8 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-6842	23 May 202504:58	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "3fbf8ab3-5a17-34d3-afaa-8d0f8b1ec7ec",
        "vendor": {
          "name": "sswells"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "61b5ad52-165e-3ba4-9d1c-2a10e0b46284",
        "product": {
          "name": "Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder"
        },
        "product_version": "* ≤6.7"
      },
      {
        "id": "dc5b9219-2651-3225-96ee-07a9b19bfbe0",
        "product": {
          "name": "Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder"
        }
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/47e402c3-e06c-4ac9-8c60-5666cb1101ce
plugins	www.plugins.trac.wordpress.org/changeset

03 Oct 2025 20:07Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.14.4 - 4.8

EPSS0.00169

SSVC