Unauthenticated Attackers Can Export All Form Entries via Plugin Flaw

CVE-2017-20194

5.3MEDIUM

Key Information

Vendor: Strategy11team
Status: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Vendor: CVE Published:; 16 October 2024

Summary

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.

Affected Version(s)

Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder < 2.05.03

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 16, 2024
Vulnerability Reserved.
Oct 15, 2024
Disclosed
Nov 12, 2017

Collectors

NVD DatabaseMitre Database

Credit

Jouko Pynnöne