WordPress Formidable Forms Plugin <= 5.5.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-24419

8.8HIGH

Key Information:

Vendor: WordPress
Status: Formidable Forms
Vendor: CVE Published:; 28 February 2023

What is CVE-2023-24419?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Formidable Forms plugin by Strategy11. This issue affects all versions up to and including 5.5.6, allowing attackers to perform actions on behalf of authenticated users without their consent. Such vulnerabilities pose significant risks to web applications, potentially leading to unauthorized data manipulation or disclosure. Website administrators using this plugin are advised to update to a secure version to mitigate these risks.

Affected Version(s)

Formidable Forms <= 5.5.6

References

https://patchstack.com/database/vulnerability/formidable/...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2023
Vulnerability Reserved
Jan 23, 2023

Credit

Rafshanzani Suhada (Patchstack Alliance)