CVE-2023-2877
Last modified
CVE-2023-2877 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.. EPSS estimates a 22.27% chance of exploitation in the next 30 days.
Description
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Strategy11 | Formidable Forms | < 6.3.1 |
References
- https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-2877?
How severe is CVE-2023-2877?
How do I fix CVE-2023-2877?
Are you affected by CVE-2023-2877?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST