CVE-2023-6830: XSS
First published: Tue Jan 09 2024(Updated: )
The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Formidable Forms | <=6.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6830?
CVE-2023-6830 has been assessed as a medium severity vulnerability.
How do I fix CVE-2023-6830?
To fix CVE-2023-6830, update the Formidable Forms plugin to version 6.8 or later.
Who is affected by CVE-2023-6830?
CVE-2023-6830 affects all versions of the Formidable Forms plugin up to and including version 6.7.
What type of attack can CVE-2023-6830 enable?
CVE-2023-6830 can enable an attacker to perform HTML injection attacks, potentially compromising the site.
Is user authentication required to exploit CVE-2023-6830?
No, CVE-2023-6830 can be exploited by unauthenticated users.
- agent/references
- agent/type
- agent/author
- agent/description
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/strategy11
- canonical/formidable forms
- version/formidable forms/6.7