CVE-2017-20194

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.
Configurations

Configuration 1 (hide)

cpe:2.3:a:strategy11:formidable_form_builder:*:*:*:*:*:wordpress:*:*

History

30 Oct 2024, 21:00

Type Values Removed Values Added
First Time Strategy11
Strategy11 formidable Form Builder
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:strategy11:formidable_form_builder:*:*:*:*:*:wordpress:*:*
References () https://klikki.fi/formidable-forms-vulnerabilities/ - () https://klikki.fi/formidable-forms-vulnerabilities/ - Exploit, Third Party Advisory
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/c7600fe1-94e4-4e3e-a9a6-ff3589813715?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/c7600fe1-94e4-4e3e-a9a6-ff3589813715?source=cve - Third Party Advisory

16 Oct 2024, 16:38

Type Values Removed Values Added
Summary
  • (es) El complemento Formidable Form Builder para WordPress es vulnerable a la exposición de datos confidenciales en versiones hasta la 2.05.03 incluida a través de la acción AJAX frm_forms_preview. Esto permite que atacantes no autenticados exporten todas las entradas de formulario de un formulario determinado.

16 Oct 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-16 08:15

Updated : 2024-10-30 21:00


NVD link : CVE-2017-20194

Mitre link : CVE-2017-20194

CVE.ORG link : CVE-2017-20194


JSON object : View

Products Affected

strategy11

  • formidable_form_builder
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor