CVE-2023-6842

Summary

CVE-2023-6842 is a vulnerability affecting the Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress. This vulnerability allows authenticated attackers with administrator-level access to inject arbitrary web scripts through the name field label and description field label parameters. The vulnerability exists in versions up to 6.7 of the plugin and is due to insufficient input sanitization and output escaping. By exploiting this vulnerability, attackers can execute arbitrary web scripts whenever a user accesses an injected page. Although this vulnerability primarily affects multi-site installations and installations with disabled unfiltered_html, it can be exploited by lower-level user types if they have been granted the necessary permissions. To remediate this issue, users should update the plugin to version 6.8 or newer. The potential danger of this vulnerability lies in the ability for attackers to execute malicious scripts and potentially gain unauthorized access or steal sensitive information from affected WordPress sites.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.