6.5
CVE-2023-0816
- EPSS 0.5%
- Published 27.03.2023 16:15:09
- Last modified 19.02.2025 17:15:12
- Source contact@wpscan.com
Formidable Forms < 6.1 - IP Spoofing
Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.
Possible mitigation
Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More: Update to version 6.1, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Strategy11 ≫ Formidable Form Builder, SwPlatform: wordpress, Version < 6.1
Further vulnerability information
System: WordPress Plugin
Product: Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More
Version: *-6.0.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.387 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
https://wpscan.com/vulnerability/a281f63f-e295-4666-8a08-01b23cd5a744
https://www.wordfence.com/threat-intel/vulnerabilities/id/909b5421-210d-427a-94a0-e1ea25880cec