Skip to main content

Formidable Form Builder

5 CVEs product

Monthly

CVE-2023-0816 MEDIUM POC This Month

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Formidable Form Builder
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-24419 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Formidable Form Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-24884 CRITICAL POC PATCH Act Now

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP CSRF WordPress XSS +1
NVD GitHub WPScan
CVSS 3.1
9.6
EPSS
3.1%
CVE-2021-24608 MEDIUM POC PATCH This Month

The Formidable Form Builder - Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Formidable Form Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-15780 CRITICAL Act Now

The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Formidable Form Builder
NVD
CVSS 3.1
9.8
EPSS
2.4%
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Formidable Form Builder
NVD WPScan
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Formidable Form Builder
NVD
EPSS 3% CVSS 9.6
CRITICAL POC PATCH Act Now

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP CSRF +3
NVD GitHub WPScan
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

The Formidable Form Builder - Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Formidable Form Builder
NVD WPScan
EPSS 2% CVSS 9.8
CRITICAL Act Now

The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Formidable Form Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy