6.5
CVE-2023-0816
- EPSS 0.09%
- Veröffentlicht 27.03.2023 16:15:09
- Zuletzt bearbeitet 19.02.2025 17:15:12
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginFormidable Forms <= 6.0.1 - IP Spoofing via HTTP header
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.
Mögliche Gegenmaßnahme
Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder: Update to version 6.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Version
*-6.0.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Strategy11 ≫ Formidable Form Builder SwPlatformwordpress Version < 6.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.26 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.