Vulnerability in Formidable Forms

CVE-2023-2877

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate a…

EPSS: 0.700 (98.7th percentile)

Affected products

  • Unknown Formidable Forms — versions 0

Frequently asked questions

What is CVE-2023-2877?
CVE-2023-2877 is a vulnerability in Formidable Forms, classified under CWE-863 (Incorrect Authorization). It was published on 2023-06-27.

Is CVE-2023-2877 known to be exploited?
4 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.