cleantalk
Vulnerabilities and Security Researches

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder, CVE-2024-0660

CVE, Research URL

CVE-2024-0660

Home page URL

Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Application

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Published on
Feb 06, 2024
Research Description
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 6.8.
Status
vulnerable
Previous vulnerability researches
Formidable – Clockwork SMS (CVE-2017-17780) , Jun 07, 2024
Formidable PRO2PDF (9edf05f0daa525bd6ee144e3e02d24e0339516f5) , Jun 07, 2024
Formidable PRO2PDF (CVE-2023-28663) , Jun 10, 2024
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder (CVE-2021-24884) , Jun 07, 2024
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder (CVE-2019-15780) , Jun 07, 2024
New vulnerability
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2025-57932) , Apr 24, 2026
Bold Page Builder (CVE-2025-7730) , Apr 24, 2026
Flexi – Guest Submit (CVE-2025-9129) , Apr 24, 2026
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Poll Maker – Best WordPress Poll Plugin (CVE-2025-57954) , Apr 24, 2026