cleantalk
Vulnerabilities and Security Researches

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder, CVE-2024-6725

CVE, Research URL

CVE-2024-6725

Home page URL

Security reports for Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Application

Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Published on
Jul 31, 2024
Research Description
The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with form editing permissions and Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 6.11.2.
Status
vulnerable
Previous vulnerability researches
Formidable – Clockwork SMS (CVE-2017-17780) , Jun 07, 2024
Formidable PRO2PDF (9edf05f0daa525bd6ee144e3e02d24e0339516f5) , Jun 07, 2024
Formidable PRO2PDF (CVE-2023-28663) , Jun 10, 2024
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder (CVE-2021-24884) , Jun 07, 2024
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder (CVE-2019-15780) , Jun 07, 2024
New vulnerability
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-6462) , Jul 01, 2025
Related Products Manager for WooCommerce (CVE-2025-50045) , Jul 01, 2025
web-cam (CVE-2025-6540) , Jul 01, 2025
WPShapere Lite (CVE-2025-53317) , Jul 01, 2025
WP Edit (CVE-2025-53253) , Jul 01, 2025