WordPress Plugin Vulnerabilities

Formidable Forms < 5.5.7 - Arbitrary Entry Deletion via CSRF

Description

The plugin does not have CSRF check when deleting entries, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
formidable
Fixed in 5.5.7

References

CVE
CVE-2023-24419

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Rafshanzani Suhada
Verified
No
WPVDB ID
a933a990-c285-42e7-ba93-847c89fe7048

Timeline

Publicly Published
2023-02-02 (about 3 years ago)
Added
2023-02-28 (about 3 years ago)
Last Updated
2023-02-28 (about 3 years ago)

Other

Published
Title
Published
2024-11-28
Title
WP Revisions Manager <= 1.0.2 - Cross-Site Request Forgery
Published
2025-07-30
Title
Ebook Store < 5.8014 - Cross-Site Request Forgery
Published
2023-11-28
Title
Affiliate Booster < 3.0.6 - Blocks Enabling/Disabling via CSRF
Published
2020-09-16
Title
Easy Testimonials < 3.7 - Cross-Site Request Forgery
Published
2025-06-19
Title
PixelBeds Channel Manager and Hotel Booking Engine <= 1.0 - Cross-Site Request Forgery