Description
WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve a list of licenses from the formidablepro.com API with the host's credentials, or inject JavaScript into an existing form. Version 2.0.21 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.22 or the latest version.