N/A
2026-03-12< 6.29
Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse
Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Minimum safe version
6.29
Update to 6.29 or later to address 40 fixable vulnerabilities
Latest available6.30 ✓
N/A
2026-03-12< 6.29
Formidable Forms <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter
Medium 6.1
2024-11-23< 6.16.2
CVE-2024-11188
Medium 4.8
2024-11-21< 6.14.1
CVE-2024-9768
Medium 5.3
2024-10-16< 2.05.03
CVE-2017-20194
High 8.3
2024-10-16< 2.05.03
CVE-2017-20192
Medium 5.4
2024-07-31< 6.11.2
CVE-2024-6725
Medium 5.3
2024-05-17< 6.7.1
CVE-2024-23522
Medium 4.3
2024-02-05< 6.8
CVE-2024-0660
Medium 6.1
2024-01-09< 6.7.1
CVE-2023-6830
Medium 4.8
2024-01-09< 6.7.1
CVE-2023-6842
High 8.8
2023-06-27< 6.3.1
CVE-2023-2877
N/A
2023-06-01< 6.3.1
WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Broken Access Control
N/A
2023-05-31< 6.3.1
Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation
N/A
2009-12-22< 1.06.03
CVE-2009-4140
N/A
< 2.05.03
Formidable Forms < 2.05.03 - Multiple Vulnerabilities
High 7.5
2024-01-16< 6.2
CVE-2023-1405
Medium 6.5
2023-03-27< 6.1
CVE-2023-0816
Medium 4.3
2024-12-13< 5.5.5
CVE-2022-45806
High 7.1
2023-02-28< 5.5.7
CVE-2023-24419
N/A
2023-02-01< 5.5.7
Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery
N/A
2016-02-16< 2.0.22
Formidable Form Builder <= 2.0.21 - Missing Authorization Checks
N/A
2017-11-12< 2.05.03
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
N/A
2017-11-13< 2.05.03
Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting
N/A
2017-11-13< 2.05.03
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting
N/A
2017-11-13< 2.05.03
Formidable Form Builder < 2.05.03 - SQL Injection
N/A
2022-12-21< 5.5.5
WordPress Formidable Forms Plugin <= 5.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
N/A
2022-12-21< 5.5.5
WordPress Formidable Forms Plugin <= 5.5.4 is vulnerable to Server Side Request Forgery (SSRF)
N/A
2022-12-16< 5.5.5
Formidable Forms <= 5.5.4 - Authenticated (Admin+) Server-Side Request Forgery
N/A
2022-12-16< 5.5.5
Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery
N/A
2016-01-29< 2.0
WordPress Formidable Forms Plugin <= 1.07.11 - Blind SQL Injection
N/A
2016-01-29< 1.06.09
WordPress Formidable Forms Plugin <= 1.06.08 - Unspecified Vulnerabilities
N/A
2016-01-29< 1.06.04
WordPress Formidable Forms Plugin <= 1.06.03 - Remote Code Execution
N/A
2017-11-20< 2.05.03
WordPress Formidable Forms plugin <=2.05.02 - Multiple vulnerabilities
N/A
2017-11-20< 2.05.03
WordPress Formidable Forms plugin <=2.05.02 - Multiple Cross-Site Scripting (XSS) vulnerabilities
N/A
2017-11-20< 2.05.03
WordPress Formidable Forms plugin <=2.05.02 - SQL Injection (SQLi) vulnerability
N/A
2021-10-14< 5.0.07
CVE-2021-39330
Critical 9.8
2019-08-29< 4.02.01
CVE-2019-15780
Critical 9.6
2021-10-25< 4.09.05
CVE-2021-24884
Medium 4.8
2021-10-25< 5.0.07
CVE-2021-24608