CyberSec.Space Logo
Back to CVE Browser

CVE-2017-20194

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.0580%
EPSS Percentile38.81th
PublishedOct 16, 2024
Last ModifiedOct 30, 2024

Vulnerability Description

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.

Affected Platforms (CPE)

📦
Strategy11

Formidable Form Builder

<= 2.05.03

References & Advisories

🔗 https://klikki.fi/formidable-forms-vulnerabilities/
🔗 https://www.wordfence.com/threat-intel/vulnerabilities/id/c7600fe1-94e4-4e3e-a9a6-ff3589813715?source=cve

Related Vulnerabilities

CVE-2021-248849.6

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<...

CVE-2017-201928.3

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted du...

CVE-2021-246084.8

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and es...

CVE-2017-514510.0

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. S...