Medium severity6.5NVD Advisory· Published Jan 9, 2024· Updated Apr 8, 2026

CVE-2023-6830

Description

The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites. CVE-2024-23522 appears to be a duplicate of this issue.

Affected products

Strategy11/Formidable Form Builder
cpe:2.3:a:strategy11:formidable_form_builder:*:*:*:*:*:wordpress:*:*
Range: <=6.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changesetnvdThird Party Advisory
www.wordfence.com/threat-intel/vulnerabilities/id/ff294b0f-97fe-4d27-bf93-f5bbb57ac1f6nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000