Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Information

Software Type Plugin
Software Slug formidable (view on wordpress.org)
Software Status Active
Software Author strategy11team
Software Website formidableforms.com
Software Downloads 21,243,978
Software Active Installs 400,000
Software Record Last Updated July 26, 2024

18 Vulnerabilities

Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-0660
Jan 26, 2024
Researcher: Webbernaut
Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-6842
Jan 8, 2024
Researcher: drop
Formidable Forms <= 6.7 - HTML Injection
6.5
CVE-2023-6830
Jan 8, 2024
Researcher: drop
Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation
6.5
CVE-2023-2877
May 31, 2023
Researcher: Alex Sanford
Formidable Forms <= 6.1.2 - Unauthenticated PHP Object Injection
9.8
CVE-2023-1405
Apr 6, 2023
Researcher: Nguyen Huu Do
Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header
5.3
CVE-2023-0816
Mar 6, 2023
Researcher: Daniel Ruf
Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery
7.1
CVE-2023-24419
Feb 1, 2023
Researcher: Rafshanzani Suhada
Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery
5.4
CVE-2022-45806
Dec 16, 2022
Researcher: István Márton
Formidable Forms <= 5.5.4 - Authenticated (Admin+) Server-Side Request Forgery
4.7
CVE ID Unknown
Dec 16, 2022
Researchers:
Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting
4.8
CVE-2021-24608
Oct 6, 2021
Researcher: Asif Nawaz Minhas
Formidable Form Builder <= 4.09.04 - Unauthenticated Stored Cross-Site Scripting
9.6
CVE-2021-24884
Jan 28, 2021
Researcher: Maximilian Barz
Formidable Form Builder <= 4.02 - PHP Object Injection
9.8
CVE-2019-15780
Aug 9, 2019
Researchers: Sam Thomas, Nour Alomary
Formidable Form Builder < 2.05.03 - SQL Injection
8.6
CVE ID Unknown
Nov 13, 2017
Researcher: Jouko Pynnöne
Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Nov 13, 2017
Researcher: Jouko Pynnöne
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting
8.3
CVE ID Unknown
Nov 13, 2017
Researcher: Jouko Pynnöne
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
5.3
CVE ID Unknown
Nov 12, 2017
Researcher: Jouko Pynnöne
Formidable Form Builder <= 2.0.21 - Missing Authorization Checks
9.1
CVE ID Unknown
Feb 16, 2016
Researcher: James Golovich
Formidable Form Builder <= 1.07.11 - SQL Injection
8.8
CVE-2014-9309
Jan 26, 2016
Researcher: Kacper Szurek
Title Status CVE ID CVSS Researchers Date
Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Patched CVE-2024-0660 6.1 Webbernaut January 26, 2024
Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2023-6842 4.4 drop January 8, 2024
Formidable Forms <= 6.7 - HTML Injection Patched CVE-2023-6830 6.5 drop January 8, 2024
Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation Patched CVE-2023-2877 6.5 Alex Sanford May 31, 2023
Formidable Forms <= 6.1.2 - Unauthenticated PHP Object Injection Patched CVE-2023-1405 9.8 Nguyen Huu Do April 6, 2023
Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header Patched CVE-2023-0816 5.3 Daniel Ruf March 6, 2023
Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery Patched CVE-2023-24419 7.1 Rafshanzani Suhada February 1, 2023
Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery Patched CVE-2022-45806 5.4 István Márton December 16, 2022
Formidable Forms <= 5.5.4 - Authenticated (Admin+) Server-Side Request Forgery Patched 4.7 December 16, 2022
Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting Patched CVE-2021-24608 4.8 Asif Nawaz Minhas October 6, 2021
Formidable Form Builder <= 4.09.04 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2021-24884 9.6 Maximilian Barz January 28, 2021
Formidable Form Builder <= 4.02 - PHP Object Injection Patched CVE-2019-15780 9.8 Sam Thomas, Nour Alomary August 9, 2019
Formidable Form Builder < 2.05.03 - SQL Injection Patched 8.6 Jouko Pynnöne November 13, 2017
Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting Patched 6.1 Jouko Pynnöne November 13, 2017
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting Patched 8.3 Jouko Pynnöne November 13, 2017
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure Patched 5.3 Jouko Pynnöne November 12, 2017
Formidable Form Builder <= 2.0.21 - Missing Authorization Checks Patched 9.1 James Golovich February 16, 2016
Formidable Form Builder <= 1.07.11 - SQL Injection Patched CVE-2014-9309 8.8 Kacper Szurek January 26, 2016

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation