Vulnerabilities > Strategy11 > Formidable Forms > 6.7.2

DATE CVE VULNERABILITY TITLE RISK
2024-07-31 CVE-2024-6725 Cross-site Scripting vulnerability in Strategy11 Formidable Forms
The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping.
network
low complexity
strategy11 CWE-79
5.4
5.4
2024-02-05 CVE-2024-0660 Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Formidable Forms
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2.
network
low complexity
strategy11 CWE-352
4.3
4.3