WordPress Plugin Vulnerabilities

Formidable < 4.02.01 - Unsafe Deserialisation

Description

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress WordPress plugin was affected by an Unsafe Deserialisation security vulnerability.

Affects Plugins

Plugin icon
formidable
Fixed in 4.02.01

References

CVE
CVE-2019-15780
URL
https://raw.githubusercontent.com/Strategy11/formidable-forms/master/changelog.txt
URL
https://pentest.co.uk/labs/advisory/cve-2019-15780/

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
4416029f-6ecc-4971-bc9e-cfe2651c7f5a

Timeline

Publicly Published
2019-08-09 (about 6 years ago)
Added
2019-11-03 (about 6 years ago)
Last Updated
2020-12-10 (about 5 years ago)

Other

Published
Title
Published
2017-10-12
Title
Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection
Published
2026-01-20
Title
Nexter Extension – Site Enhancements Toolkit < 4.4.7 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace'
Published
2025-04-15
Title
uListing <= 2.2.0 - Authenticated (Subscriber+) PHP Object Injection
Published
2023-12-05
Title
Sayfa Sayaç <= 2.6 - Unauthenticated PHP Object Injection
Published
2022-07-18
Title
Feed Them Social < 2.9.8.6 - Unauthenticated PHAR Deserialisation