CVSS 3.1 Score 4.4 of 10 (medium)


Published Jan 9, 2024
Updated: Jan 16, 2024


CVE-2023-6842 is a vulnerability affecting the Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress. This vulnerability allows authenticated attackers with administrator-level access to inject arbitrary web scripts through the name field label and description field label parameters. The vulnerability exists in versions up to 6.7 of the plugin and is due to insufficient input sanitization and output escaping. By exploiting this vulnerability, attackers can execute arbitrary web scripts whenever a user accesses an injected page. Although this vulnerability primarily affects multi-site installations and installations with disabled unfiltered_html, it can be exploited by lower-level user types if they have been granted the necessary permissions. To remediate this issue, users should update the plugin to version 6.8 or newer. The potential danger of this vulnerability lies in the ability for attackers to execute malicious scripts and potentially gain unauthorized access or steal sensitive information from affected WordPress sites.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-6842 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options