Lucene search
K
Strategy11Formidable Forms

8 matches found

CVE
CVE
added 2024/01/16 3:56 p.m.343 views

CVE-2023-1405

CVE-2023-1405 affects the Formidable Forms WordPress plugin up to version 6.1.2. It arises from unserializing user input, enabling unauthenticated PHP Object Injection when a suitable gadget is present. Impact is HIGH (I:HIGH, A:NONE) with remote attacker access. Mitigation: upgrade to version 6....

7.5CVSS7.6AI score0.00702EPSS
CVE
CVE
added 2023/06/27 1:17 p.m.193 views

CVE-2023-2877

The CVE-2023-2877 entry is supported by multiple connected sources: Formidable Forms WordPress plugin prior to 6.3.1 allows a Subscriber or similarly low-privileged user to install and activate arbitrary plugins from WordPress.org due to inadequate authorization and plugin URL validation, resulti...

8.8CVSS8.9AI score0.22452EPSS
CVE
CVE
added 2024/02/05 9:21 p.m.114 views

CVE-2024-0660

The CVE-2024-0660 entry concerns Formidable Forms for WordPress with CSRF in the update_settings path. Exact root cause: missing or incorrect nonce validation allows unauthenticated attackers to submit forged requests that alter form settings and inject malicious JavaScript, by prompting a site a...

6.1CVSS5.1AI score0.00212EPSS
CVE
CVE
added 2024/11/23 5:40 a.m.66 views

CVE-2024-11188

Formidable Forms – Contact Form Plugin for WordPress (CVE-2024-11188) is affected by a POST-based Reflected Cross-Site Scripting vulnerability via Custom HTML Form parameters in all versions up to 6.16.1.2, caused by insufficient input sanitization and output escaping. Attackers can exploit this ...

6.1CVSS6AI score0.00391EPSS
CVE
CVE
added 2024/05/17 8:47 a.m.63 views

CVE-2024-23522

CVE-2024-23522 affects WordPress Formidable Forms plugin versions

6.1CVSS6.8AI score0.00336EPSS
CVE
CVE
added 2024/07/31 10:59 a.m.59 views

CVE-2024-6725

Formidable Forms (WordPress)

5.4CVSS4.7AI score0.00352EPSS
CVE
CVE
added 2024/11/21 6:0 a.m.58 views

CVE-2024-9768

Formidable Forms WordPress plugin prior to version 6.14.1 is affected: it does not sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Impact is a stored XSS vector within plugin settings; rem...

4.8CVSS4.7AI score0.00418EPSS
CVE
CVE
added 2024/12/13 2:22 p.m.57 views

CVE-2022-45806

CVE-2022-45806 affects WordPress Formidable Forms plugin versions up to 5.5.4. The vulnerability is a Missing Authorization / Broken Access Control flaw in the Strategy11 Form Builder Team, allowing improper access due to incorrectly configured access control security levels. Public sources consi...

9.8CVSS5.1AI score0.00502EPSS