Strategy11 Formidable Form Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Strategy11 Formidable Form Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2021-24884 — CVSS 9.6 (critical): The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a>…
CVE-2017-20192 — CVSS 8.3 (high): The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form…
CVE-2023-24419 — CVSS 7.1 (high): Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions.
CVE-2023-0816 — CVSS 6.5 (medium): The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client…
CVE-2023-6830 — CVSS 6.5 (medium): The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows…
CVE-2017-20194 — CVSS 5.3 (medium): The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the…
CVE-2021-24608 — CVSS 4.8 (medium): The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape…
CVE-2023-6842 — CVSS 4.4 (medium): The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to…