exploitDog

CVE-2023-0816

Опубликовано: 27 мар. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.

Ссылки

https://wpscan.com/vulnerability/a281f63f-e295-4666-8a08-01b23cd5a744
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a281f63f-e295-4666-8a08-01b23cd5a744
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:strategy11:formidable_form_builder:*:*:*:*:*:wordpress:*:*

Версия до 6.1 (исключая)

EPSS

Процентиль: 25%

0.00085

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-290

Связанные уязвимости

GHSA-m9ch-6hh2-gc9w

CVSS3: 6.5

github

почти 3 года назад

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.

EPSS

Процентиль: 25%

0.00085

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-290