Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-20194

CWE-200 — Information Exposure5 documents5 sources

Severity

5.3MEDIUM

EPSS

9.3%

top 7.24%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Strategy11 Formidable Form Builder

Timeline

PublishedOct 16

Description

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDstrategy11/formidable_form_builder2.05.03

🔴Vulnerability Details

CVEList

Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure↗2024-10-16

▶

GHSA

GHSA-2xfv-566j-24f6: The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2↗2024-10-16

▶

VulnCheck

Formidable Form Builder plugin for WordPress frm_forms_preview AJAX Action Vulnerability↗2017

▶

💥Exploits & PoCs

Nuclei

Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure

▶