CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-20194

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.0580%
EPSS Percentile38.81th
Published2024年10月16日
Last Modified2024年10月30日

Vulnerability Description

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.

Affected Platforms (CPE)

📦
Strategy11

Formidable Form Builder

<= 2.05.03

References & Advisories

🔗 https://klikki.fi/formidable-forms-vulnerabilities/
🔗 https://www.wordfence.com/threat-intel/vulnerabilities/id/c7600fe1-94e4-4e3e-a9a6-ff3589813715?source=cve

関連する脆弱性情報

CVE-2021-248849.6

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<...

CVE-2017-201928.3

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted du...

CVE-2021-246084.8

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and es...

CVE-2017-796410.0

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote att...