Description
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.
References
https://wpscan.com/vulnerability/a281f63f-e295-4666-8a08-01b23cd5a744
ExploitThird Party Advisory
https://wpscan.com/vulnerability/a281f63f-e295-4666-8a08-01b23cd5a744
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-03-27T16:15:09.277
2 years agoLast modified
2025-02-19T17:15:12.377
4 months ago