347 matches found
CVE-2023-0816 Formidable Forms < 6.1 - IP Spoofing
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections...
PT-2023-16545 · WordPress · Formidable Forms
Name of the Vulnerable Software and Affected Versions: Formidable Forms WordPress plugin versions prior to 6.1. Description: The issue allows IP Address spoofing and bypass of anti-spam protections by using several potentially untrusted headers to determine the client's IP address. Recommendations...
WordPress plugin Formidable Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-28663
The Formidable PRO2PDF WordPress Plugin, version 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdf_export_file action...
CVE-2023-28663
The Formidable PRO2PDF WordPress Plugin, versions prior to 3.11, contains an authenticated SQL injection in the fieldmap parameter of the fpropdf_export_file action. The root cause is improper handling of the fieldmap input, enabling arbitrary SQL execution when authenticated. This affects the pl...
Formidable PRO2PDF < 3.11 - Subscriber+ SQLi
The plugin does not properly sanitise and escape the fieldmap parameter before using it in a SQL statement via the fpropdf_export_file AJAX action, leading to a SQL injection exploitable by any authenticated user, such as a subscriber. PoC: Run the below command in the developer console of the web...
PT-2023-21885 · WordPress · Formidable Pro2Pdf Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Formidable PRO2PDF WordPress Plugin versions prior to 3.11. Description: The issue is an authenticated SQL injection vulnerability. It affects the fieldmap parameter in the fpropdf export file action. Recommendations: For versions prior to 3.1...
WordPress Plugin Formidable PRO2PDF SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Formidable Forms Plugin < 6.1 is vulnerable to Bypass Vulnerability
Software: Formidable Forms; Type: Plugin; Vulnerable versions: < 6.1; Fixed in: 6.1; OWASP Top 10: A1: Injection; Classification: Bypass Vulnerability; CVE: CVE-2023-0816; Patch priority: Low; CVSS severity: Low (5.3); PSID: 9879bb5c0709; Credits: Daniel Ruf; Required privilege: Unauthenticated...
Formidable Forms < 6.1 - IP Spoofing
The plugin uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. PoC: 1. In WordPress's Settings > Discussion page, add your IP address to the Disallowed Comment Keys field. This will block form...
CVE-2023-24419
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions...
CVE-2023-24419 WordPress Formidable Forms Plugin <= 5.5.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions...
CVE-2023-24419
CVE-2023-24419 affects the WordPress Formidable Forms plugin (
WordPress plugin Formidable Forms Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-19579 · WordPress · Formidable Forms
Name of the Vulnerable Software and Affected Versions: Formidable Forms plugin versions <= 5.5.6. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web applicati...