Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Information

Software Type Plugin
Software Slug formidable (view on wordpress.org)
Software Status Active
Software Author strategy11team
Software Website formidableforms.com
Software Downloads 21,226,692
Software Active Installs 400,000
Software Record Last Updated July 25, 2024

18 Vulnerabilities

8.6
CVE ID Unknown
Nov 13, 2017
Researcher: Jouko Pynnöne
Title Status CVE ID CVSS Researchers Date
Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Patched CVE-2024-0660 6.1 Webbernaut January 26, 2024
Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2023-6842 4.4 drop January 8, 2024
Formidable Forms <= 6.7 - HTML Injection Patched CVE-2023-6830 6.5 drop January 8, 2024
Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation Patched CVE-2023-2877 6.5 Alex Sanford May 31, 2023
Formidable Forms <= 6.1.2 - Unauthenticated PHP Object Injection Patched CVE-2023-1405 9.8 Nguyen Huu Do April 6, 2023
Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header Patched CVE-2023-0816 5.3 Daniel Ruf March 6, 2023
Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery Patched CVE-2023-24419 7.1 Rafshanzani Suhada February 1, 2023
Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery Patched CVE-2022-45806 5.4 István Márton December 16, 2022
Formidable Forms <= 5.5.4 - Authenticated (Admin+) Server-Side Request Forgery Patched 4.7 December 16, 2022
Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting Patched CVE-2021-24608 4.8 Asif Nawaz Minhas October 6, 2021
Formidable Form Builder <= 4.09.04 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2021-24884 9.6 Maximilian Barz January 28, 2021
Formidable Form Builder <= 4.02 - PHP Object Injection Patched CVE-2019-15780 9.8 Sam Thomas, Nour Alomary August 9, 2019
Formidable Form Builder < 2.05.03 - SQL Injection Patched 8.6 Jouko Pynnöne November 13, 2017
Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting Patched 6.1 Jouko Pynnöne November 13, 2017
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting Patched 8.3 Jouko Pynnöne November 13, 2017
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure Patched 5.3 Jouko Pynnöne November 12, 2017
Formidable Form Builder <= 2.0.21 - Missing Authorization Checks Patched 9.1 James Golovich February 16, 2016
Formidable Form Builder <= 1.07.11 - SQL Injection Patched CVE-2014-9309 8.8 Kacper Szurek January 26, 2016

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation