CVE-2023-6830

Name of the Vulnerable Software and Affected Versions Formidable Forms plugin for WordPress versions up to, and including, 6.7

Description The Formidable Forms plugin for WordPress is vulnerable to HTML injection. This issue allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites.

Recommendations For versions up to, and including, 6.7, update to a version later than 6.7 to resolve the issue. As a temporary workaround, consider restricting access to the Entries View Page to minimize the risk of exploitation. Additionally, restrict the ability of unauthenticated users to inject HTML code into form fields until a patch is available.