CVE-2023-6830

2024-01-0907:15:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-6830

html injection

unauthenticated users

form fields

admin area defacement

redirection

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.5%

JSON

The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites.

Affected configurations

Nvd

Node

strategy11formidable_form_builderRange≤6.7wordpress

VendorProductVersionCPE
strategy11formidable_form_builder*cpe:2.3:a:strategy11:formidable_form_builder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
strategy11	formidable_form_builder	*	cpe:2.3:a:strategy11:formidable_form_builder::::::wordpress::*

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3017166%40formidable%2Ftrunk&old=3009066%40formidable%2Ftrunk&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/ff294b0f-97fe-4d27-bf93-f5bbb57ac1f6?source=cve