Strategy11

Formidable Forms

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-45806

  • EPSS 0.29%
  • Veröffentlicht 13.12.2024 15:15:07
  • Zuletzt bearbeitet 05.02.2025 14:36:08

Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4.

6.1

CVE-2024-11188

  • EPSS 1.74%
  • Veröffentlicht 23.11.2024 06:15:17
  • Zuletzt bearbeitet 12.07.2025 00:38:46

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and in...

4.8

CVE-2024-9768

Exploit
  • EPSS 0.14%
  • Veröffentlicht 21.11.2024 11:15:37
  • Zuletzt bearbeitet 26.11.2024 17:14:14

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di...

6.1

CVE-2017-20192

Exploit
  • EPSS 23.29%
  • Veröffentlicht 16.10.2024 07:15:05
  • Zuletzt bearbeitet 23.12.2025 15:47:33

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escapin...

5.4

CVE-2024-6725

  • EPSS 0.18%
  • Veröffentlicht 31.07.2024 11:15:10
  • Zuletzt bearbeitet 05.02.2025 15:20:39

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to in...

6.1

CVE-2024-23522

  • EPSS 0.31%
  • Veröffentlicht 17.05.2024 09:15:22
  • Zuletzt bearbeitet 03.02.2025 16:20:24

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7.

4.3

CVE-2024-0660

  • EPSS 0.1%
  • Veröffentlicht 05.02.2024 22:16:03
  • Zuletzt bearbeitet 21.11.2024 08:47:05

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce ...

7.5

CVE-2023-1405

Exploit
  • EPSS 0.21%
  • Veröffentlicht 16.01.2024 16:15:10
  • Zuletzt bearbeitet 11.06.2025 17:15:31

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.

8.8

CVE-2023-2877

Exploit
  • EPSS 69%
  • Veröffentlicht 27.06.2023 14:15:11
  • Zuletzt bearbeitet 21.11.2024 07:59:28

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary pl...