Description

WordPress Plugin Formidable Forms Builder for WordPress-Contact Forms, Surveys & Quiz Forms is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve a list of licenses from the formidablepro.com API with the hosts credentials or inject javascript into an existing form. WordPress Plugin Formidable Forms Builder for WordPress-Contact Forms, Surveys & Quiz Forms version 2.0.21 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.22 or latest

References

Related Vulnerabilities