Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Information

Software Type Plugin
Software Slug formidable (view on wordpress.org)
Software Status Active
Software Author strategy11team
Software Website formidableforms.com
Software Downloads 22,722,916
Software Active Installs 400,000
Software Record Last Updated November 24, 2024

20 Vulnerabilities

8.6
CVE ID Unknown
Nov 13, 2017
Researcher: Jouko Pynnöne
Title Status CVE ID CVSS Researchers Date
Formidable Forms <= 6.1.2 - Unauthenticated PHP Object Injection Patched CVE-2023-1405 9.8 Nguyen Huu Do April 6, 2023
Formidable Form Builder <= 4.02 - PHP Object Injection Patched CVE-2019-15780 9.8 Sam Thomas, Nour Alomary August 9, 2019
Formidable Form Builder <= 4.09.04 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2021-24884 9.6 Maximilian Barz January 28, 2021
Formidable Form Builder <= 2.0.21 - Missing Authorization Checks Patched 9.1 James Golovich February 16, 2016
Formidable Form Builder <= 1.07.11 - SQL Injection Patched CVE-2014-9309 8.8 Kacper Szurek January 26, 2016
Formidable Form Builder < 2.05.03 - SQL Injection Patched 8.6 Jouko Pynnöne November 13, 2017
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2017-20192 8.3 Jouko Pynnöne November 13, 2017
Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery Patched CVE-2023-24419 7.1 Rafshanzani Suhada February 1, 2023
Formidable Forms <= 6.7 - HTML Injection Patched CVE-2023-6830 6.5 drop January 8, 2024
Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation Patched CVE-2023-2877 6.5 Alex Sanford May 31, 2023
Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter Patched CVE-2024-11188 6.1 mikemyers November 22, 2024
Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Patched CVE-2024-0660 6.1 Webbernaut January 26, 2024
Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting Patched 6.1 Jouko Pynnöne November 13, 2017
Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery Patched CVE-2022-45806 5.4 István Márton December 16, 2022
Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header Patched CVE-2023-0816 5.3 Daniel Ruf March 6, 2023
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure Patched CVE-2017-20194 5.3 Jouko Pynnöne November 12, 2017
Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting Patched CVE-2024-6725 4.9 zer0gh0st July 30, 2024
Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting Patched CVE-2021-24608 4.8 Asif Nawaz Minhas October 6, 2021
Formidable Forms <= 5.5.4 - Authenticated (Admin+) Server-Side Request Forgery Patched 4.7 December 16, 2022
Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2023-6842 4.4 drop January 8, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation