Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Information

Software Type: Plugin
Software Slug: formidable
Software Status: Active
Software Author: strategy11team
Software Website: formidableforms.com
Software Downloads: 20,149,539
Software Active Installs: 300,000
Software Record Last Updated: March 29, 2024

18 Vulnerabilities

| Title | CVE ID | CVSS | Researchers | Date |
|---|---|---|---|---|
| Formidable Forms <= 6.1.2 - Unauthenticated PHP Object Injection | CVE-2023-1405 | 9.8 | Nguyen Huu Do | April 6, 2023 |
| Formidable Form Builder <= 4.02 - PHP Object Injection | CVE-2019-15780 | 9.8 | Sam Thomas, Nour Alomary | August 9, 2019 |
| Formidable Form Builder <= 4.09.04 - Unauthenticated Stored Cross-Site Scripting | CVE-2021-24884 | 9.6 | Maximilian Barz | January 28, 2021 |
| Formidable Form Builder <= 2.0.21 - Missing Authorization Checks | | 9.1 | James Golovich | February 16, 2016 |
| Formidable Form Builder <= 1.07.11 - SQL Injection | CVE-2014-9309 | 8.8 | Kacper Szurek | January 26, 2016 |
| Formidable Form Builder < 2.05.03 - SQL Injection | | 8.6 | Jouko Pynnöne | November 13, 2017 |
| Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting | | 8.3 | Jouko Pynnöne | November 13, 2017 |
| Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery | CVE-2023-24419 | 7.1 | Rafshanzani Suhada | February 1, 2023 |
| Formidable Forms <= 6.7 - HTML Injection | CVE-2023-6830 | 6.5 | drop | January 8, 2024 |
| Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation | CVE-2023-2877 | 6.5 | Alex Sanford | May 31, 2023 |
| Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | CVE-2024-0660 | 6.1 | Webbernaut | January 26, 2024 |
| Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting | | 6.1 | Jouko Pynnöne | November 13, 2017 |
| Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery | CVE-2022-45806 | 5.4 | István Márton | December 16, 2022 |
| Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header | CVE-2023-0816 | 5.3 | Daniel Ruf | March 6, 2023 |
| Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure | | 5.3 | Jouko Pynnöne | November 12, 2017 |
| Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting | CVE-2021-24608 | 4.8 | Asif Nawaz Minhas | October 6, 2021 |
| Formidable Forms <= 5.5.4 - Authenticated (Admin+) Server-Side Request Forgery | | 4.7 | | December 16, 2022 |
| Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | CVE-2023-6842 | 4.4 | drop | January 8, 2024 |
