ThreatPress

WordPress Vulnerabilities Database

WordPress Formidable Forms plugin <=2.05.02 - SQL Injection (SQLi) vulnerability

Product
Formidable Forms
Description
A blind SQL injection (SQLi) vulnerability was found by Jouko Pynnönen in the WordPress Formidable Forms plugin (versions <=2.05.02). It allows an attacker to enumerate databases and tables and retrieve their contents.
Solution
Update the WordPress Formidable Forms plugin to the latest available version (at least version 2.05.03).
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Plugin changelog
CVE
Name: CVE-N/A
Versions
Affected In: <=2.05.02
Fixed In: 2.05.03
Disclosure date
2017-11-20
Credits
Jouko Pynnönen
Submitter
ThreatPress