Formidable Forms – Contact Form, Survey, Quiz, Calculator & Custom Form Builder

Information

Software Type: Plugin
Software Slug: formidable
Software Status: Active
Software Author: sswells
Software Website: formidableforms.com
Software Downloads: 17,247,994
Software Active Installs: 300,000
Software Record Last Updated: June 5, 2023

15 vulnerabilities

| Title | CVE ID | CVSS | Researchers | Date |
|---|---|---|---|---|
| Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation | | 6.5 | | May 31, 2023 |
| Formidable Forms <= 6.1.2 - Unauthenticated PHP Object Injection | CVE-2023-1405 | 9.8 | Nguyen Huu Do | April 6, 2023 |
| Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header | CVE-2023-0816 | 5.3 | Daniel Ruf | March 6, 2023 |
| Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery | CVE-2023-24419 | 7.1 | Rafshanzani Suhada | February 1, 2023 |
| Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery | CVE-2022-45806 | 5.4 | Lana Codes | December 16, 2022 |
| Formidable Forms <= 5.5.4 - Authenticated (Admin+) Server-Side Request Forgery | | 4.7 | | December 16, 2022 |
| Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting | CVE-2021-24608 | 4.8 | Asif Nawaz Minhas | October 6, 2021 |
| Formidable Form Builder <= 4.09.04 - Unauthenticated Stored Cross-Site Scripting | CVE-2021-24884 | 9.6 | Maximilian Barz | January 28, 2021 |
| Formidable Form Builder <= 4.02 - PHP Object Injection | CVE-2019-15780 | 9.8 | Sam Thomas, Nour Alomary | August 9, 2019 |
| Formidable Form Builder < 2.05.03 - SQL Injection | | 8.6 | Jouko Pynnöne | November 13, 2017 |
| Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting | | 8.3 | Jouko Pynnöne | November 13, 2017 |
| Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting | | 6.1 | Jouko Pynnöne | November 13, 2017 |
| Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure | | 5.3 | Jouko Pynnöne | November 12, 2017 |
| Formidable Form Builder <= 2.0.21 - Missing Authorization Checks | | 9.1 | James Golovich | February 16, 2016 |
| Formidable Form Builder <= 1.07.11 - SQL Injection | CVE-2014-9309 | 8.8 | Kacper Szurek | January 26, 2016 |

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.
