4 matches found
CVE-2023-2877 Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...
CVE-2023-2877
The CVE-2023-2877 entry is supported by multiple connected sources: Formidable Forms WordPress plugin prior to 6.3.1 allows a Subscriber or similarly low-privileged user to install and activate arbitrary plugins from WordPress.org due to inadequate authorization and plugin URL validation, resulti...
CVE-2023-2877 Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...
WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Remote Code Execution (RCE)
Software Formidable Forms Type Plugin Vulnerable versions 6.3.1 Fixed in 6.3.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-2877 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 64ee0a3444e8 Credits Alex Sanford Required privilege...