8173 matches found
CVE-2023-2877 Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...
CVE-2023-2877
The CVE-2023-2877 entry is supported by multiple connected sources: Formidable Forms WordPress plugin prior to 6.3.1 allows a Subscriber or similarly low-privileged user to install and activate arbitrary plugins from WordPress.org due to inadequate authorization and plugin URL validation, resulti...
WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal
Overview WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability CWE-22. Shinsaku Nomura of Bitforest Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Remote Code Execution (RCE)
Software Formidable Forms Type Plugin Vulnerable versions 6.3.1 Fixed in 6.3.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-2877 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 64ee0a3444e8 Credits Alex Sanford Required privilege...
WordPress plugin Gravity Forms Google Sheet Connector cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-18882 · WordPress · Gsheetconnector-Gravityforms-Pro +1
Name of the Vulnerable Software and Affected Versions: Gravity Forms Google Sheet Connector WordPress plugin versions prior to 1.3.5 gsheetconnector-gravityforms-pro WordPress plugin versions prior to 1.3.5 Description: The issue concerns a lack of CSRF check when updating the Access Code,...
WordPress plugin Formidable Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Caldera Forms Google Sheets Connector Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Caldera Forms Google Sheets Connector Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2330 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 989c25f04825 Credits...
JVN#97127032: WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal
WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be deleted by a remote attacker. Solution Update the plugin Update the plugin according to the information provided by the developer...
PT-2023-21949 · WordPress · Formidable Forms
Name of the Vulnerable Software and Affected Versions: Formidable Forms WordPress plugin versions prior to 6.3.1 Description: The issue allows a user with a low role, such as Subscriber, to install and activate arbitrary plugins of any version from the WordPress.org plugin repository, leading to...
WordPress Plugin Snow Monkey Forms path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A path traversal vulnerability exists in...
CVE-2023-29434
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin = 1.3.1 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin = 1.3.1 versions...
CVE-2023-29434 WordPress Optin Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin = 1.3.1 versions...
CVE-2023-29434
CVE-2023-29434 affects FancyThemes Optin Forms – Simple List Building Plugin for WordPress (
NEX-Forms < 8.4.4 - Authenticated Stored XSS
The plugin does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms; however, there is a setting allowing them to give lower roles access to this feature. Create a new form with the...
WordPress Plugin FancyThemes Optin Forms–Simple List Building cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
NEX-Forms < 8.4.4 - Authenticated Stored XSS
The plugin does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms; however, there is a setting allowing them to give lower roles access to this feature. PoC Create a new form with the...