Skip to main content

Formidable

2 CVEs product

Monthly

CVE-2022-29622 CRITICAL POC Act Now

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Formidable
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2017-17780 MEDIUM POC PATCH This Month

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress PHP Booking Calendar Sms Clockwork Sms Notfications +6
NVD
CVSS 3.1
6.1
EPSS
0.3%
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Formidable
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress PHP +8
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy