cleantalk
Vulnerabilities and Security Researches

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder, CVE-2017-20192

CVE, Research URL

CVE-2017-20192

Home page URL

Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Application

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Published on
Oct 16, 2024
Research Description
The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
Min -, max 2.05.03.
Status
vulnerable
Previous vulnerability researches
Formidable – Clockwork SMS (CVE-2017-17780) , Jun 07, 2024
Formidable PRO2PDF (9edf05f0daa525bd6ee144e3e02d24e0339516f5) , Jun 07, 2024
Formidable PRO2PDF (CVE-2023-28663) , Jun 10, 2024
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder (CVE-2021-24884) , Jun 07, 2024
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder (CVE-2019-15780) , Jun 07, 2024
New vulnerability
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-6462) , Jul 01, 2025
Related Products Manager for WooCommerce (CVE-2025-50045) , Jul 01, 2025
web-cam (CVE-2025-6540) , Jul 01, 2025
WPShapere Lite (CVE-2025-53317) , Jul 01, 2025
WP Edit (CVE-2025-53253) , Jul 01, 2025