WordPress Plugin Vulnerabilities

Formidable Forms < 2.0 - Authenticated Blind SQL Injection

Description

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
formidable
Fixed in 2.0

References

CVE
CVE-2014-9309
URL
https://security.szurek.pl/formidable-forms-10711-blind-sql-injection.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Submitter
Kacper Szurek
Submitter website
http://security.szurek.pl/
Submitter twitter
https://twitter.com/KacperSzurek
Verified
No
WPVDB ID
ec04b25b-1898-460f-a119-6450a4421ed1

Timeline

Publicly Published
2016-01-26 (about 10 years ago)
Added
2016-01-29 (about 10 years ago)
Last Updated
2021-10-06 (about 4 years ago)

Other

Published
Title
Published
2021-08-06
Title
Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
Published
2025-05-16
Title
SHOUT <= 3.5.3 - Authenticated (Contributor+) SQL Injection
Published
2025-03-24
Title
Shuffle <= 0.5 - Authenticated (Subscriber+) SQL Injection
Published
2021-10-16
Title
Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection
Published
2016-02-25
Title
WP Ultimate Exporter <= 1.1 - Unauthenticated SQL Injection