Vulnerabilities > Strategy11 > Formidable Form Builder > 5.0.16
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2023-6830 | Cross-site Scripting vulnerability in Strategy11 Formidable Form Builder The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. | 6.1 |
| 2024-01-09 | CVE-2023-6842 | Cross-site Scripting vulnerability in Strategy11 Formidable Form Builder The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 (inclusive) due to insufficient input sanitization and output escaping. | 4.8 |
| 2023-03-27 | CVE-2023-0816 | Authentication Bypass by Spoofing vulnerability in Strategy11 Formidable Form Builder The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. | 6.5 |
| 2023-02-28 | CVE-2023-24419 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Formidable Form Builder Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. | 8.8 |