CVE-2023-2877
Formidable Forms < 6.3.1 - Subscriber+ Remote Code ExecutionThe Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.
We have discovered 14,634 live websites that are affected by CVE-2023-2877.
Affected Software
| Product |  Formidable Forms |
| Category | Wordpress Plugins |
| Vulnerable Domains | 14,634 live websites (22.70% of Formidable Forms install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 243 versions ( 84.08% of all versions) |
Common Weakness Enumeration
CWE-863 Incorrect AuthorizationDetails
- Published - Jun 27, 2023
- Updated - Dec 3, 2024
Credits
- Alex Sanford (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2023-2877 usage by Country
 United States | 6,391 websites |
 Germany | 1,224 websites |
 France | 1,133 websites |
 GB | 885 websites |
 Netherlands | 442 websites |
 Sweden | 406 websites |
 Australia | 394 websites |
 Canada | 388 websites |
 Italy | 293 websites |
 Spain | 268 websites |
CVE-2023-2877 usage by TLD
| .com | 6,870 websites |
| .co.uk | 818 websites |
| .org | 680 websites |
| .de | 534 websites |
| .com.au | 492 websites |
| .fr | 488 websites |
| .nl | 471 websites |
| .ca | 375 websites |
| .se | 305 websites |
| .net | 274 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-2877
Top websites that are affected by CVE-2023-2877. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.ru |  Russia | **,*** | |
| *******************.org | United States | **,*** | |
| **************.org | United States | **,*** | |
| *******.com | France | **,*** | |
| ***************.com | United States | **,*** | |
| **.org | United States | **,*** | |
| ***************.nyc | United States | **,*** | |
| *******.com | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| *******.ch |  Switzerland | ***,*** |
FAQ
CVE-2023-2877 is Incorrect Authorization in Formidable Forms
A total of 14,634 websites have been identified as vulnerable to CVE-2023-2877, discovered through global website indexing conducted by WebTechSurvey.
Formidable Forms is susceptible to CVE-2023-2877 vulnerability.
Formidable Forms versions before 6.3.1 are vulnerable to CVE-2023-2877.
Version 6.3.1 of Formidable Forms addresses the CVE-2023-2877 security vulnerability.