Lucene search

Strategy11Formidable Forms*

8 matches found

CVE
added 2024/01/16 4:15 p.m. | 307 views

CVE-2023-1405

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.

CVSS 7.5 | AI score 7.6 | EPSS 0.00278

CVE
added 2023/06/27 2:15 p.m. | 149 views

CVE-2023-2877

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.or...

CVSS 8.8 | AI score 8.9 | EPSS 0.72024

CVE
added 2024/02/05 10:16 p.m. | 88 views

CVE-2024-0660

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This ...

CVSS 6.1 | AI score 5.1 | EPSS 0.00097

CVE
added 2024/05/17 9:15 a.m. | 49 views

CVE-2024-23522

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection. This issue affects Formidable Forms: from n/a through 6.7.

CVSS 6.1 | AI score 6.8 | EPSS 0.00307

CVE
added 2024/11/23 6:15 a.m. | 43 views

CVE-2024-11188

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input sanit...

CVSS 6.1 | AI score 6 | EPSS 0.00704

CVE
added 2024/11/21 11:15 a.m. | 42 views

CVE-2024-9768

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS 4.8 | AI score 4.7 | EPSS 0.00086

CVE
added 2024/07/31 11:15 a.m. | 40 views

CVE-2024-6725

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping...

CVSS 5.4 | AI score 4.7 | EPSS 0.00105

CVE
added 2024/12/13 3:15 p.m. | 39 views

CVE-2022-45806

Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Formidable Forms: from n/a through 5.5.4.

CVSS 9.8 | AI score 4.7 | EPSS 0.00128