ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Formidable Forms plugin <=2.05.02 - Multiple vulnerabilities

Product
Formidable Forms
Description
Multiple vulnerabilities found by Jouko Pynnönen in WordPress Formidable Forms plugin (versions <=2.05.02). Unauthenticated preview function allowing shortcodes, unauthenticated form entries retrieval and Server-Side Code Execution via iThemes Sync.
Solution
Update the WordPress Formidable Forms plugin to the latest available version (at least version 2.05.03).
Classification
Type Multi
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <=2.05.02
Fixed In 2.05.03
Disclosure date
2017-11-20
Credits
Jouko Pynnönen
Submitter
ThreatPress