6 matches found
CVE-2023-0816
CVE-2023-0816 affects the WordPress plugin Formidable Forms (before 6.1). The vulnerability arises from using several potentially untrusted HTTP headers to determine the client IP address, enabling IP address spoofing and bypass of anti-spam protections. Affected versions: Formidable Forms
CVE-2023-24419
CVE-2023-24419 affects the WordPress Formidable Forms plugin (
CVE-2021-24884
The CVE-2021-24884 entry concerns the WordPress Formidable Form Builder plugin prior to version 4.09.05. Multiple connected sources confirm a stored XSS/HTML-injection vulnerability stemming from insufficient sanitization of the data-frmverify tag in links on the web-based entry inspection page, ...
CVE-2017-20192
CVE-2017-20192 affects Formidable Form Builder for WordPress prior to 2.05.03. The root cause is insufficient input sanitization and output escaping in form parameters (notably after_html), enabling Stored Cross-Site Scripting where unauthenticated attackers can inject scripts into victims’ brows...
CVE-2019-15780
The CVE concerns the WordPress Formidable Form Builder plugin. Affected: Formidable Form Builder plugin for WordPress prior to version 4.02.01. Root cause: unsafe deserialization in the plugin. Impact: high/critical severity indicators in multiple references (CVSS up to 9.8 in some data) with rem...
CVE-2021-24608
The CVE-2021-24608 entry concerns the WordPress plugin Formidable Form Builder – Contact Form, Survey & Quiz Forms, prior to version 5.0.07. Affected component: form labels in the plugin’s admin/form UI. Root cause: the plugin does not sanitize/escape form labels, enabling cross-site scripting (X...