Input validation vulnerability in Formidable Forms – Contact Form, Survey, Quiz, Calculator & Custom Form Builder 5.5.4

The Formidable Form Builder plugin for WordPress has a Server-Side Request Forgery (SSRF) issue in versions up to 5.5.4. It makes it possible for users who have administration privileges to make web requests to external locations from the web application. These requests can be used to query and change information from internal services. To prevent this issue, the ‘plugin’ parameter passed to the install_addon function must be restricted.
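One way to restrict such a parameter, as an added example that is not the plugin's code or its actual fix. It assumes the ‘plugin’ value is a download URL; the function name validate_addon_url and the host downloads.example.com are hypothetical placeholders.

```php
<?php
// Added example, not Formidable Forms code.
// Assumption: add-on packages are only ever served from this placeholder host.
const ALLOWED_ADDON_HOSTS = ['downloads.example.com'];

/**
 * Return the URL unchanged if it is an HTTPS link to a .zip file on an
 * allowlisted host, or null if it must not be fetched.
 */
function validate_addon_url(string $raw): ?string
{
    // Control characters, whitespace and backslashes make parsers disagree.
    if ($raw === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $raw)) {
        return null;
    }
    $p = parse_url($raw);
    if ($p === false || !isset($p['scheme'], $p['host'], $p['path'])) {
        return null;
    }
    if (strtolower($p['scheme']) !== 'https') {
        return null;
    }
    // No embedded credentials and no explicit port (keeps requests on 443).
    if (isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        return null;
    }
    // Exact host match only; suffix or substring matching is not enough.
    if (!in_array(strtolower($p['host']), ALLOWED_ADDON_HOSTS, true)) {
        return null;
    }
    // Only package archives are expected here.
    return preg_match('/\.zip$/i', $p['path']) ? $raw : null;
}

// Constructed sample inputs: only the first one is accepted.
$samples = [
    'https://downloads.example.com/addons/sample-addon.zip',
    'http://downloads.example.com/addons/sample-addon.zip',
    'https://downloads.example.com.other.test/sample-addon.zip',
    'https://downloads.example.com@10.0.0.5/sample-addon.zip',
    'https://10.0.0.5:8080/status',
];
foreach ($samples as $url) {
    $verdict = validate_addon_url($url) === null ? 'rejected' : 'accepted';
    printf("%-60s %s\n", $url, $verdict);
}
```

The HTTP client that fetches the validated URL should also refuse redirects, or re-validate each redirect target, since an allowlisted host can redirect elsewhere.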


This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community.

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

- ">" means from 2.2.8
- "=" means including 2.2.8 and 2.2.21
- "<" means to 2.2.21
