cleantalk
Vulnerabilities and Security Researches

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder, CVE-2023-2877

CVE, Research URL

CVE-2023-2877

Home page URL

Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Application

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Published on
Jun 27, 2023
Research Description
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.
Affected versions
max 6.3.1.
Status
vulnerable
Previous vulnerability researches
Formidable – Clockwork SMS (CVE-2017-17780) , Jun 07, 2024
Formidable PRO2PDF (9edf05f0daa525bd6ee144e3e02d24e0339516f5) , Jun 07, 2024
Formidable PRO2PDF (CVE-2023-28663) , Jun 10, 2024
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder (CVE-2021-24884) , Jun 07, 2024
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder (CVE-2019-15780) , Jun 07, 2024
New vulnerability
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2025-57932) , Apr 24, 2026
Bold Page Builder (CVE-2025-7730) , Apr 24, 2026
Flexi – Guest Submit (CVE-2025-9129) , Apr 24, 2026
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Poll Maker – Best WordPress Poll Plugin (CVE-2025-57954) , Apr 24, 2026