cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2017-20194,https://securityvulnerability.io/vulnerability/CVE-2017-20194,Unauthenticated Attackers Can Export All Form Entries via Plugin Flaw,"The Formidable Form Builder plugin for WordPress has a vulnerability that allows for sensitive data exposure through the frm_forms_preview AJAX action. This flaw enables unseen attackers to export all entries submitted via form interfaces, posing a significant risk of data leakage. Affected versions of this plugin, up to and including 2.05.03, require immediate attention to safeguard against unauthorized data access. Site administrators must perform updates and implement security measures to mitigate exposure risks.",Wordpress,"Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-10-16T07:31:52.606Z,0
CVE-2017-20192,https://securityvulnerability.io/vulnerability/CVE-2017-20192,Plugin Vulnerable to Stored Cross-Site Scripting,"The Formidable Form Builder plugin for WordPress contains a vulnerability that permits Stored Cross-Site Scripting (XSS) attacks via multiple parameters during form submissions, including 'after_html'. This flaw arises due to inadequate input sanitization and output escaping practices in versions earlier than 2.05.03. As a result, unauthenticated attackers can exploit this weakness to inject malicious web scripts, which may execute in the browsers of affected users, leading to potential data breaches and other security risks.",Wordpress,"Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder",8.3,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-16T06:43:36.437Z,0
CVE-2024-6725,https://securityvulnerability.io/vulnerability/CVE-2024-6725,Stored Cross-Site Scripting Vulnerability Affects Formidable Forms Plugin,"The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with form editing permissions and Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder",4.9,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-07-31T10:59:17.745Z,0
CVE-2024-0660,https://securityvulnerability.io/vulnerability/CVE-2024-0660,Formidable Forms Vulnerable to Cross-Site Request Forgery,"The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,"Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder",4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-02-05T21:21:59.377Z,0
CVE-2023-6830,https://securityvulnerability.io/vulnerability/CVE-2023-6830,HTML Injection Vulnerability in Formidable Forms Plugin for WordPress,"The Formidable Forms plugin for WordPress is susceptible to HTML injection, allowing unauthenticated users to inject arbitrary HTML into form fields. Administrators viewing submitted form data may encounter this injected code in the Entries View Page, which could lead to potential admin area defacement or redirection to harmful sites. It is crucial for users to update to the latest version to mitigate these risks and protect their web applications from unauthorized access.",Wordpress,"Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder",6.1,MEDIUM,0.0005499999970197678,false,,false,false,false,,false,false,2024-01-09T07:15:00.000Z,0
CVE-2023-6842,https://securityvulnerability.io/vulnerability/CVE-2023-6842,Stored Cross-Site Scripting vulnerability in Formidable Forms plugin for WordPress,"The Formidable Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS). This vulnerability arises from inadequate input sanitization and output escaping of the name and description field labels, which can be exploited by authenticated users with administrator-level access to inject malicious scripts. While primarily affecting multi-site installations and those with unfiltered HTML disabled, this flaw can also be exploited by users with extended permissions for form management, enabling lower-level users to carry out attacks on injected pages when accessed by other users.",Wordpress,"Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder",4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-09T07:15:00.000Z,0
CVE-2021-24884,https://securityvulnerability.io/vulnerability/CVE-2021-24884,Formidable Form Builder < 4.09.05 - Unauthenticated Stored Cross-Site Scripting,"The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like