CVE-2023-1405
Formidable Forms < 6.2 - Unauthenticated PHP Object InjectionThe Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.
We have discovered 14,125 live websites that are affected by CVE-2023-1405.
Affected Software
| Product |  Formidable Forms |
| Category | Wordpress Plugins |
| Vulnerable Domains | 14,125 live websites (21.91% of Formidable Forms install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 238 versions ( 82.35% of all versions) |
Common Weakness Enumeration
CWE-502 Deserialization of Untrusted DataDetails
- Published - Jan 16, 2024
- Updated - Oct 22, 2024
Credits
- Nguyen Huu Do (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2023-1405 usage by Country
 United States | 6,138 websites |
 Germany | 1,180 websites |
 France | 1,107 websites |
 GB | 865 websites |
 Netherlands | 431 websites |
 Sweden | 405 websites |
 Australia | 377 websites |
 Canada | 375 websites |
 Italy | 285 websites |
 Spain | 257 websites |
CVE-2023-1405 usage by TLD
| .com | 6,605 websites |
| .co.uk | 798 websites |
| .org | 661 websites |
| .de | 513 websites |
| .fr | 476 websites |
| .com.au | 467 websites |
| .nl | 458 websites |
| .ca | 352 websites |
| .se | 304 websites |
| .it | 270 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-1405
Top websites that are affected by CVE-2023-1405. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.ru |  Russia | **,*** | |
| *******************.org | United States | **,*** | |
| **************.org | United States | **,*** | |
| *******.com | France | **,*** | |
| ***************.com | United States | **,*** | |
| **.org | United States | **,*** | |
| ***************.nyc | United States | **,*** | |
| *******.com | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| *******.ch |  Switzerland | ***,*** |
FAQ
CVE-2023-1405 is Deserialization of Untrusted Data in Formidable Forms
A total of 14,125 websites have been identified as vulnerable to CVE-2023-1405, discovered through global website indexing conducted by WebTechSurvey.
Formidable Forms is susceptible to CVE-2023-1405 vulnerability.
Formidable Forms versions before 6.2 are vulnerable to CVE-2023-1405.
Version 6.2 of Formidable Forms addresses the CVE-2023-1405 security vulnerability.