CVE-2023-0816

CWE-290 CWE-639 — Insecure Direct Object Reference3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 62.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Formidable Forms Strategy11 Formidable Form Builder

Timeline

PublishedMar 27

Description

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5unknown/formidable_forms< 6.1

▶NVDstrategy11/formidable_form_builder< 6.1

🔴Vulnerability Details

GHSA

GHSA-m9ch-6hh2-gc9w: The Formidable Forms WordPress plugin before 6↗2023-03-27

▶

CVEList

Formidable Forms < 6.1 - IP Spoofing↗2023-03-27

▶