The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.
References
Link | Resource |
---|---|
https://klikki.fi/formidable-forms-vulnerabilities/ | Exploit Third Party Advisory |
https://www.wordfence.com/threat-intel/vulnerabilities/id/c7600fe1-94e4-4e3e-a9a6-ff3589813715?source=cve | Third Party Advisory |
Configurations
History
30 Oct 2024, 21:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Strategy11
Strategy11 formidable Form Builder |
|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:strategy11:formidable_form_builder:*:*:*:*:*:wordpress:*:* | |
References | () https://klikki.fi/formidable-forms-vulnerabilities/ - Exploit, Third Party Advisory | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/c7600fe1-94e4-4e3e-a9a6-ff3589813715?source=cve - Third Party Advisory |
16 Oct 2024, 16:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Oct 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-16 08:15
Updated : 2024-10-30 21:00
NVD link : CVE-2017-20194
Mitre link : CVE-2017-20194
CVE.ORG link : CVE-2017-20194
JSON object : View
Products Affected
strategy11
- formidable_form_builder
CWE