PT-2024-10603 · WordPress · Formidable Form Builder
Published
2024-10-16
·
Updated
2024-10-30
·
CVE-2017-20194
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Formidable Form Builder plugin for WordPress versions up to, and including, 2.05.03
Description
The issue allows unauthenticated attackers to export all form entries for a given form via the
frm forms preview AJAX action. This enables the exposure of sensitive data.Recommendations
For versions up to, and including, 2.05.03, consider disabling the
frm forms preview AJAX action until a patch is available to prevent sensitive data exposure.Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Formidable Form Builder