Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Formidable Forms – Contact Form, Survey, Quiz, Calculator & Custom Form Builder 2.0.21

  • Severity: critical
  • Status: Fixed
  • Publication: February 16, 2016

The Formidable Form Builder plugin for WordPress is a tool that allows users to build and manage forms for their websites. Unfortunately, there is a security issue in versions of the plugin up until 2.0.21; attackers who are not logged in can access and modify form fields without authorization. This is because the plugin didn’t have enough security measures in place, such as nonce and capability checks on the ‘frm_fill_licenses’ and ‘frm_ajax’ AJAX actions.

Detected in:

Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder fixed vulnerable versions:
Formidable Forms – Contact Form, Survey, Quiz & Calculator Form Builder fixed vulnerable versions:
Formidable Forms – Contact Form, Survey, Quiz, Calculator & Custom Form Builder fixed vulnerable versions: >= * <= 2.0.21
Formidable Forms – Contact Form, Survey, Quiz, Calculator, Payment & Custom Form Builder fixed vulnerable versions:
Formidable Forms – Contact Form, Survey, Quiz, Payment & Calculator Form Builder fixed vulnerable versions:
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.