Strategy11 Formidable Forms

11 matches found

added 2024/01/16 4:15 p.m. | 303 views

CVE-2023-1405

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.

CVSS 7.5 | AI score 7.6 | EPSS 0.00278

added 2023/06/27 2:15 p.m. | 144 views

CVE-2023-2877

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.or...

CVSS 8.8 | AI score 8.9 | EPSS 0.72024

added 2024/02/05 10:16 p.m. | 85 views

CVE-2024-0660

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This ...

CVSS 6.1 | AI score 5.1 | EPSS 0.00097

added 2023/03/27 4:15 p.m. | 84 views

CVE-2023-0816

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.

CVSS 6.5 | AI score 6.4 | EPSS 0.00089

added 2024/05/17 9:15 a.m. | 48 views

CVE-2024-23522

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection. This issue affects Formidable Forms: from n/a through 6.7.

CVSS 6.1 | AI score 6.8 | EPSS 0.00307

added 2024/10/16 7:15 a.m. | 43 views

CVE-2017-20192

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated att...

CVSS 8.3 | AI score 7.2 | EPSS 0.00279

added 2024/11/23 6:15 a.m. | 42 views

CVE-2024-11188

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input sanit...

CVSS 6.1 | AI score 6 | EPSS 0.00188

added 2024/11/21 11:15 a.m. | 41 views

CVE-2024-9768

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS 4.8 | AI score 4.7 | EPSS 0.00057

added 2024/10/16 8:15 a.m. | 39 views

CVE-2017-20194

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.

CVSS 5.3 | AI score 5.2 | EPSS 0.00038

added 2024/07/31 11:15 a.m. | 39 views

CVE-2024-6725

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping...

CVSS 5.4 | AI score 4.7 | EPSS 0.00068

added 2024/12/13 3:15 p.m. | 38 views

CVE-2022-45806

Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Formidable Forms: from n/a through 5.5.4.

CVSS 9.8 | AI score 4.7 | EPSS 0.00092