WordPress Formidable Forms Plugin < 6.14.1 is vulnerable to Cross Site Scripting (XSS)

Software Formidable Forms Type Plugin Vulnerable versions 6.14.1 Fixed in 6.14.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9768 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 929c3f675f30 Credits Krugov Artyom Required...

WordPress Formidable Forms Plugin <= 6.11.1 is vulnerable to Cross Site Scripting (XSS)

Software Formidable Forms Type Plugin Vulnerable versions = 6.11.1 Fixed in 6.11.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6725 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID b87ac759b2ea Credits zer0gh0st Required...

WordPress Formidable Forms Plugin <= 6.7 is vulnerable to Content Injection

Software Formidable Forms Type Plugin Vulnerable versions = 6.7 Fixed in 6.7.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-23522 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID b82c61d4e6f0 Credits Revan Arifio Required privilege...

WordPress Formidable Forms Plugin <= 6.7.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Formidable Forms Type Plugin Vulnerable versions = 6.7.2 Fixed in 6.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0660 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7a7ac0638cbc Credits Webbernaut Required...

WordPress Formidable Forms Plugin <= 6.7 is vulnerable to Cross Site Scripting (XSS)

Software Formidable Forms Type Plugin Vulnerable versions = 6.7 Fixed in 6.7.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6842 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9bd3f7b9f18e Credits drop Required privilege...

WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Remote Code Execution (RCE)

Software Formidable Forms Type Plugin Vulnerable versions 6.3.1 Fixed in 6.3.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-2877 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 64ee0a3444e8 Credits Alex Sanford Required privilege...

WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Broken Access Control

Software Formidable Forms Type Plugin Vulnerable versions 6.3.1 Fixed in 6.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bb421c7db580 Credits WordFence Required privilege...

WordPress Formidable Forms Plugin <= 6.1.2 is vulnerable to PHP Object Injection

Software Formidable Forms Type Plugin Vulnerable versions = 6.1.2 Fixed in 6.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1405 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e0f1ba3999f1 Credits Nguyen Huu Do Required privilege...

WordPress Formidable Forms Plugin < 6.1 is vulnerable to Bypass Vulnerability

Software Formidable Forms Type Plugin Vulnerable versions 6.1 Fixed in 6.1 OWASP Top 10 A1: Injection Classification Bypass Vulnerability CVE CVE-2023-0816 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9879bb5c0709 Credits Daniel Ruf Required privilege Unauthenticated...

WordPress Formidable Forms Plugin <= 5.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Formidable Forms Type Plugin Vulnerable versions = 5.5.4 Fixed in 5.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-45806 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8708888535f1 Credits István Márton...

WordPress Formidable Forms Plugin <= 5.5.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Formidable Forms Type Plugin Vulnerable versions = 5.5.6 Fixed in 5.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-24419 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID ea449e0665e1 Credits Rafshanzani Suhada...