347 matches found
Formidable Form Builder < 5.0.07 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create/edit a form, add the following payload to a Field Label: alert/XSS/ The XSS will be triggered when...
WordPress Formidable Form Builder plugin <= 4.09.04 - Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Maximilian Barz in WordPress Formidable Form Builder plugin versions <= 4.09.04. Solution: Update the WordPress Formidable Form Builder plugin to the latest available version (at least 4.09.05)...
WordPress Formidable Forms Builder Plugin < 4.02.01 RCE Vulnerability
The WordPress plugin... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. Script OID: 1.3.6.1.4.1.25623.1.0.113509...
WordPress formidable plugin code issue vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. formidable is a form builder used in it. A code issue vulnerability exists in the WordPress formidable plugin prior to version 4.02.01...
CVE-2019-15780
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization...
Deserialization of untrusted data
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization...
WordPress Formidable Form Builder plugin <= 4.02 - Unsafe Deserialisation vulnerability
Unsafe Deserialisation vulnerability discovered in WordPress Formidable Form Builder plugin versions <= 4.02. Solution: Update the WordPress Formidable Form Builder plugin to the latest available version (at least 4.02.01)...
Formidable < 4.02.01 - Unsafe Deserialisation
The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress was affected by an Unsafe Deserialisation security vulnerability...
Uber: Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg
lioncityrentals.com.sg employed a WordPress installation that possessed a vulnerable plugin, Formidable Forms, which was vulnerable to reflected XSS, and exposed sensitive form data. Thanks again for the report, @healdb! This was the first bug I ever found that exposed a large amount of PII, than...
WordPress Formidable – Clockwork SMS plugin <=1.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability found by Elias Dimopoulos in WordPress Formidable – Clockwork SMS plugin versions <= 1.0.3. Solution: Update the WordPress Formidable – Clockwork SMS plugin to the latest available version (at least 1.1.0)...
WordPress Formidable Forms Plugin Remote Code Execution
A remote code execution vulnerability exists in WordPress Formidable Forms plugin. A remote attacker can upload and execute vulnerable shortcodes via crafted parameters. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Formidable Forms plugin <=2.05.02 - Multiple vulnerabilities
Multiple vulnerabilities found by Jouko Pynnönen in WordPress Formidable Forms plugin versions <= 2.05.02: unauthenticated preview function allowing shortcodes, unauthenticated form entries retrieval and Server-Side Code Execution via iThemes Sync. Solution: Update the WordPress Formidable Forms...
WordPress Formidable Forms plugin <=2.05.02 - SQL Injection (SQLi) vulnerability
Blind SQL Injection (SQLi) vulnerability found by Jouko Pynnönen in WordPress Formidable Forms plugin versions <= 2.05.02. This vulnerability allows an attacker to enumerate databases and tables and retrieve their contents. Solution: Update the WordPress Formidable Forms plugin to the latest available...
WordPress Formidable Forms plugin <=2.05.02 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities found by Jouko Pynnönen in WordPress Formidable Forms plugin versions <= 2.05.02: a Reflected Cross-Site Scripting vulnerability in form preview and a Stored Cross-Site Scripting vulnerability in form entries. Solution: Update the WordPress Formidable...
Formidable Forms <= 2.05.02 - Multiple Vulnerabilities
The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress was affected by multiple security vulnerabilities...
Shortcodes Ultimate <= 5.0.0 - Authenticated Contributor Code Execution
The Shortcodes Ultimate plugin does not sanitize the "filter" argument to the "su_meta", "su_user", and "su_post" shortcodes, allowing the filter to be set to the "system" function which runs arbitrary code. This is being exploited in the wild; I discovered this through analysis of modsecurity audit...
Grab: www.drivegrab.com SQL injection
Summary: The website uses a WordPress plugin called Formidable Pro. I found an SQL injection in the plugin code. Description: The plugin allows the site admin to create forms to be filled by users. To this end it implements some AJAX functions, including one to preview or actually just view a...
WordPress Formidable Forms Plugin <= 1.06.03 - Remote Code Execution
This plugin is prone to remote code execution because of the ofc_upload_image.php file parameters $_GET['name'] and $HTTP_RAW_POST_DATA. Solution: Update the plugin...