CVE-2023-6830
Published: 2024-01-09
CVE-2023-6830: The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated…
Priority: P4 · 28 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.39% (31.1th percentile)
The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites. CVE-2024-23522 appears to be a duplicate of this issue.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| strategy11 | formidable_form_builder | <= 6.7 | — |
VulDB
Formidable Forms Plugin up to 6.7 on WordPress cross site scripting
vuldb·2026-04-11·CVSS 6.5
CVE-2023-6830 [MEDIUM] Formidable Forms Plugin up to 6.7 on WordPress cross site scripting
A vulnerability described as problematic has been identified in Formidable Forms Plugin up to 6.7 on WordPress. Impacted is an unknown function. Executing a manipulation can lead to basic cross site scripting.
The identification of this vulnerability is CVE-2023-6830. The attack may be launched remotely. There is no exploit available.
GHSA
GHSA-p2gq-hc84-24mm: The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6
ghsa_unreviewed·2024-01-09
CVE-2023-6830 [MEDIUM] CWE-79 GHSA-p2gq-hc84-24mm: The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6
The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites.
No detection rules found.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3017166%40formidable%2Ftrunk&old=3009066%40formidable%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/ff294b0f-97fe-4d27-bf93-f5bbb57ac1f6?source=cve
2024-01-09
Published