9 matches found
CVE-2023-0816
CVE-2023-0816 affects the WordPress plugin Formidable Forms (before 6.1). The vulnerability arises from using several potentially untrusted HTTP headers to determine the client IP address, enabling IP address spoofing and bypass of anti-spam protections. Affected versions: Formidable Forms
CVE-2023-24419
CVE-2023-24419 affects the WordPress Formidable Forms plugin (
CVE-2021-24884
The CVE-2021-24884 entry concerns the WordPress Formidable Form Builder plugin prior to version 4.09.05. Multiple connected sources confirm a stored XSS/HTML-injection vulnerability stemming from insufficient sanitization of the data-frmverify tag in links on the web-based entry inspection page, ...
CVE-2017-20192
CVE-2017-20192 affects Formidable Form Builder for WordPress prior to 2.05.03. The root cause is insufficient input sanitization and output escaping in form parameters (notably after_html), enabling Stored Cross-Site Scripting where unauthenticated attackers can inject scripts into victims’ brows...
CVE-2019-15780
The CVE concerns the WordPress Formidable Form Builder plugin. Affected: Formidable Form Builder plugin for WordPress prior to version 4.02.01. Root cause: unsafe deserialization in the plugin. Impact: high/critical severity indicators in multiple references (CVSS up to 9.8 in some data) with rem...
CVE-2021-24608
The CVE-2021-24608 entry concerns the WordPress plugin Formidable Form Builder – Contact Form, Survey & Quiz Forms, prior to version 5.0.07. Affected component: form labels in the plugin’s admin/form UI. Root cause: the plugin does not sanitize/escape form labels, enabling cross-site scripting (X...
CVE-2023-6842
The CVE-2023-6842 entry concerns Formidable Forms for WordPress, where Stored Cross-Site Scripting is possible via the name and description field labels in all versions up to 6.7. Root cause: insufficient input sanitization and output escaping. Impact: authenticated attackers with administrator-l...
CVE-2023-6830
CVE-2023-6830 affects the WordPress plugin Formidable Forms (
CVE-2017-20194
CVE-2017-20194 affects Formidable Form Builder for WordPress. The vulnerability is an unauthenticated information disclosure via the frm_forms_preview AJAX action in versions up to 2.05.03, allowing retrieval/export of all form entries for a given form. Impact is sensitive data exposure; no explo...