Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2023/06/27 1:17 p.m.19 views

CVE-2023-2877 Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...

7.2AI score0.22452EPSS
Exploits3References1
CVE
CVE
added 2023/06/27 1:17 p.m.195 views

CVE-2023-2877

The CVE-2023-2877 entry is supported by multiple connected sources: Formidable Forms WordPress plugin prior to 6.3.1 allows a Subscriber or similarly low-privileged user to install and activate arbitrary plugins from WordPress.org due to inadequate authorization and plugin URL validation, resulti...

8.8CVSS8.9AI score0.22452EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2023/06/27 1:17 p.m.28 views

CVE-2023-2877 Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...

9.1AI score0.22452EPSS
Exploits3References1
Patchstack
Patchstack
added 2023/06/27 12:0 a.m.16 views

WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Remote Code Execution (RCE)

Software Formidable Forms Type Plugin Vulnerable versions 6.3.1 Fixed in 6.3.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-2877 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 64ee0a3444e8 Credits Alex Sanford Required privilege...

8.8CVSS7.2AI score0.22452EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder