8 matches found
CVE-2023-1405
CVE-2023-1405 affects the Formidable Forms WordPress plugin up to version 6.1.2. It arises from unserializing user input, enabling unauthenticated PHP Object Injection when a suitable gadget is present. Impact is HIGH (I:HIGH, A:NONE) with remote attacker access. Mitigation: upgrade to version 6....
CVE-2023-2877
The CVE-2023-2877 entry is supported by multiple connected sources: Formidable Forms WordPress plugin prior to 6.3.1 allows a Subscriber or similarly low-privileged user to install and activate arbitrary plugins from WordPress.org due to inadequate authorization and plugin URL validation, resulti...
CVE-2024-0660
The CVE-2024-0660 entry concerns Formidable Forms for WordPress with CSRF in the update_settings path. Exact root cause: missing or incorrect nonce validation allows unauthenticated attackers to submit forged requests that alter form settings and inject malicious JavaScript, by prompting a site a...
CVE-2024-11188
Formidable Forms – Contact Form Plugin for WordPress (CVE-2024-11188) is affected by a POST-based Reflected Cross-Site Scripting vulnerability via Custom HTML Form parameters in all versions up to 6.16.1.2, caused by insufficient input sanitization and output escaping. Attackers can exploit this ...
CVE-2024-23522
CVE-2024-23522 affects WordPress Formidable Forms plugin versions
CVE-2024-6725
Formidable Forms (WordPress)
CVE-2024-9768
Formidable Forms WordPress plugin prior to version 6.14.1 is affected: it does not sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Impact is a stored XSS vector within plugin settings; rem...
CVE-2022-45806
CVE-2022-45806 affects WordPress Formidable Forms plugin versions up to 5.5.4. The vulnerability is a Missing Authorization / Broken Access Control flaw in the Strategy11 Form Builder Team, allowing improper access due to incorrectly configured access control security levels. Public sources consi...