Vulnerability Description
The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites. CVE-2024-23522 appears to be a duplicate of this issue.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Strategy11 | Formidable Form Builder | <= 6.7 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new (Third Party Advisory)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ff294b0f-97fe-4d27-bf9 (Third Party Advisory)
FAQ
What is CVE-2023-6830?
CVE-2023-6830 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form...
How severe is CVE-2023-6830?
CVE-2023-6830 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6830?
Check the references section above for vendor advisories and patch information. Affected products include: Strategy11 Formidable Form Builder.