Vulnerabilities > Strategy11 > Formidable Form Builder > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-10-25 CVE-2021-24884 Cross-site Scripting vulnerability in Strategy11 Formidable Form Builder
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link.
network
low complexity
strategy11 CWE-79
critical
 9.6
9.6
2019-08-29 CVE-2019-15780 Deserialization of Untrusted Data vulnerability in Strategy11 Formidable Form Builder
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
network
low complexity
strategy11 CWE-502
critical
 9.8
9.8