CVE-2023-0816

Published: Mar 27, 2023Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.

Affected (1)

Products: Strategy11: Formidable Form Builder

Strategy11

1 product

Formidable Form Builder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Strategy11 Formidable Form Builder	Before 6.1

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (2)

https://wpscan.com/vulnerability/a281f63f-e295-4666-8a08-01b23cd5a744

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/a281f63f-e295-4666-8a08-01b23cd5a744

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.