Vulnerability Description
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Strategy11 | Formidable Form Builder | < 4.02.01 |
Related Weaknesses (CWE)
References
- https://pentest.co.uk/labs/advisory/cve-2019-15780/Third Party Advisory
- https://raw.githubusercontent.com/Strategy11/formidable-forms/master/changelog.tRelease NotesThird Party Advisory
- https://wordpress.org/plugins/formidable/#developersProductThird Party Advisory
- https://wpvulndb.com/vulnerabilities/9935Third Party Advisory
- https://pentest.co.uk/labs/advisory/cve-2019-15780/Third Party Advisory
- https://raw.githubusercontent.com/Strategy11/formidable-forms/master/changelog.tRelease NotesThird Party Advisory
- https://wordpress.org/plugins/formidable/#developersProductThird Party Advisory
- https://wpvulndb.com/vulnerabilities/9935Third Party Advisory
FAQ
What is CVE-2019-15780?
CVE-2019-15780 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
How severe is CVE-2019-15780?
CVE-2019-15780 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-15780?
Check the references section above for vendor advisories and patch information. Affected products include: Strategy11 Formidable Form Builder.