Vulnerabilities and security researches forformidable formidable

Direction: ascending

Jun 07, 2024

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2021-24884

CVE, Research URL: CVE-2021-24884
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Oct 25, 2021
Research Description: The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation incomibantion with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2019-15780

CVE, Research URL: CVE-2019-15780
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Aug 29, 2019
Research Description: The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2021-24608

CVE, Research URL: CVE-2021-24608
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Oct 25, 2021
Research Description: The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2021-39330

CVE, Research URL: -
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Oct 14, 2021
Research Description: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-24608. Reason: This candidate is a duplicate of CVE-2021-24608. Notes: All CVE users should reference CVE-2021-24608 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-0816

CVE, Research URL: CVE-2023-0816
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Mar 27, 2023
Research Description: The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-1405

CVE, Research URL: CVE-2023-1405
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Jan 16, 2024
Research Description: The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-2877

CVE, Research URL: CVE-2023-2877
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Jun 27, 2023
Research Description: The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-6842

CVE, Research URL: CVE-2023-6842
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Jan 09, 2024
Research Description: The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 (inclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this only affects multi-site installations and installations where unfiltered_html has been disabled. However, in the formidable settings admins can extend form creation, deletion and other management permissions to other user types, which makes it possible for this vulnerability to be exploited by lower level user types as long as they have been granted the proper permissions.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2024-23522

CVE, Research URL: CVE-2024-23522
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: May 17, 2024
Research Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2024-0660

CVE, Research URL: CVE-2024-0660
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Feb 06, 2024
Research Description: The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2009-4140

CVE, Research URL: CVE-2009-4140
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Dec 23, 2009
Research Description: Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-6830

CVE, Research URL: CVE-2023-6830
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Jan 09, 2024
Research Description: The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-24419

CVE, Research URL: CVE-2023-24419
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Feb 28, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2022-45806

CVE, Research URL: CVE-2022-45806
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2014-9309

CVE, Research URL: CVE-2014-9309
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: -
Research Description: The Formidable Form Builder plugin for WordPress is vulnerable to blind SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.07.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: Min -, max -.
Status: vulnerable

Aug 01, 2024

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2024-6725

CVE, Research URL: CVE-2024-6725
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Jul 31, 2024
Research Description: The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with form editing permissions and Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Oct 18, 2024

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2017-20194

CVE, Research URL: CVE-2017-20194
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Oct 16, 2024
Research Description: The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.
Affected versions: Min -, max -.
Status: vulnerable

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2017-20192

CVE, Research URL: CVE-2017-20192
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Oct 16, 2024
Research Description: The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions: Min -, max -.
Status: vulnerable

Nov 22, 2024

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2024-9768

CVE, Research URL: CVE-2024-9768
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Nov 21, 2024
Research Description: The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable

Nov 24, 2024

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2024-11188

CVE, Research URL: CVE-2024-11188
Home page URL: Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Application: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Date: Nov 23, 2024
Research Description: The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches forformidable formidable

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2021-24884

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2019-15780

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2021-24608

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2021-39330

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2023-0816

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2023-1405

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2023-2877

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2023-6842

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2024-23522

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2024-0660

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2009-4140

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2023-6830

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2023-24419

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2022-45806

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2014-9309

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2024-6725

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2017-20194

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2017-20192

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2024-9768

Formidable Forms &#8211; Contact Form, Survey, Quiz, Payment, Calculator Form &amp; Custom Form Builder # CVE-2024-11188

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2021-24884

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2019-15780

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2021-24608

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2021-39330

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-0816

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-1405

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-2877

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-6842

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2024-23522

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2024-0660

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2009-4140

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-6830

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2023-24419

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2022-45806

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2014-9309

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2024-6725

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2017-20194

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2017-20192

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2024-9768

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder # CVE-2024-11188