CVE-2017-20194

nvd nist nuclei

Published: Oct 16, 2024Modified: Oct 30, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: security@wordfence.com (Secondary)

Description

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.

Affected (1)

Products: Strategy11: Formidable Form Builder

1 product

Formidable Form Builder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Strategy11 Formidable Form Builder	Up to 2.05.03

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://klikki.fi/formidable-forms-vulnerabilities/

Source: security@wordfence.com

ExploitThird Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/c7600fe1-94e4-4e3e-a9a6-ff3589813715?source=cve

Source: security@wordfence.com

Third Party Advisory

Timeline

No history available yet.