Unknown Formidable Forms vulnerabilities
4 known vulnerabilities affecting unknown/formidable_forms.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2024-9768 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 6.14.1 | 2024-11-21
The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Sources: cvelistv5, nvd
CVE-2023-1405 | HIGH | CVSS 7.5 | CWE-502 | fixed in 6.2 | 2024-01-16
The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.
Sources: cvelistv5, nvd
CVE-2023-2877 | HIGH | CVSS 8.8 | CWE-863 | fixed in 6.3.1 | 2023-06-27
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Cod
Sources: cvelistv5, nvd
CVE-2023-0816 | MEDIUM | CVSS 6.5 | CWE-290 | fixed in 6.1 | 2023-03-27
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.
Sources: cvelistv5, nvd