Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-2877
HistoryJun 27, 2023 - 2:15 p.m.

Remote code execution

2023-06-2714:15:00
PRIOn knowledge base
www.prio-n.com
1
remote code execution
formidable forms
wordpress
plugin vulnerability
user authorization
url validation
arbitrary plugins

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.1%

JSON

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

CPENameOperatorVersion
formidable_formslt6.3.1

Related

wpvulndb 1
githubexploit 1
cvelist 1
wpexploit 1
nvd 1
cve 1
openvas 1
wpvulndb
wpvulndb
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
2023-06-05 00:00:00
githubexploit
githubexploit
Exploit for CVE-2023-2877
2023-06-28 10:34:08
cvelist
cvelist
CVE-2023-2877 Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
2023-06-27 13:17:12
wpexploit
wpexploit
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
2023-06-05 00:00:00
nvd
nvd
CVE-2023-2877
2023-06-27 14:15:11
cve
cve
CVE-2023-2877
2023-06-27 14:15:11
openvas
openvas
WordPress Formidable Forms Plugin < 6.3.1 RCE Vulnerability
2023-06-29 00:00:00

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.1%

JSON
Related for PRION:CVE-2023-2877
wpvulndb1githubexploit1cvelist1wpexploit1nvd1cve1openvas1