CVE-2024-6725 Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...

CVE-2024-6725

Formidable Forms (WordPress)

WordPress Formidable Forms plugin <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Formidable Forms versions = 6.11.1...

WordPress Formidable Forms Plugin <= 6.11.1 is vulnerable to Cross Site Scripting (XSS)

Software Formidable Forms Type Plugin Vulnerable versions = 6.11.1 Fixed in 6.11.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6725 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID b87ac759b2ea Credits zer0gh0st Required...

WordPress plugin Formidable Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-37825 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.11.1 Description: The issue is related to Stored Cross-Site Scripting via the html...

CVE-2024-38353 CodiMD - Missing Image Access Controls and Unauthorized Image Access

CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to...

CVE-2024-38353 CodiMD - Missing Image Access Controls and Unauthorized Image Access

CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to...

CVE-2024-23522

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7...

CVE-2024-23522

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7...

CVE-2024-23522

CVE-2024-23522 affects WordPress Formidable Forms plugin versions

CVE-2024-23522 WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7...

CVE-2024-23522 WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7...

PT-2024-19924 · Unknown · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms versions through 6.7 Description: The issue is related to an Improper Neutralization of Script-Related HTML Tags in a Web Page, also known as Basic XSS, allowing Code Injection in Formidable Forms. Recommendations: For versio...

WordPress plugin Formidable Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <=1.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.3.9...

Formidable PRO2PDF Plugin for WordPress < 3.11 SQL Injection

The WordPress Formidable PRO2PDF Plugin installed on the remote host is affected by an authenticated SQL Injection via the fieldmap parameter of the fpropdfexportfile action. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported versi...

WordPress Formidable Registration Plugin < 2.12 is vulnerable to Broken Authentication

Software Formidable Registration Type Plugin Vulnerable versions 2.12 Fixed in 2.12 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-1290 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID de229a590aad Credits Scott Kingsley Clark...

CVE-2024-1290 Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover

The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts...

CVE-2024-1290 Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover

The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts...