Published: 27/06/2023 Updated: 07/11/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

The Formidable Forms WordPress plugin prior to 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
strategy11 formidable forms

Check Point Reference: CPAI-2023-1654 Date Published: 30 Apr 2024 Severity: High ...

Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

CVE-2023-2877 Formidable Forms < 631 - Subscriber+ Remote Code Execution Usage usage: CVE-2023-2877py [-h] -w URL -u USERNAME -p PASSWORD [-pl PLUGIN] [-c CMD] CVE-2023-2877 - Formidable Forms < 631 - Subscriber+ Remote Code Execution Script options: -h, --help show this help message and exit -w URL, --url URL WordPress site URL -u USER

https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402 https://nvd.nist.gov https://github.com/RandomRobbieBF/CVE-2023-2877 https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1654.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-2877

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect