Formidable Forms
Strategy11 Team
Developer
6.25.1
Latest version
300,000
Installations
Nov 4, 2025
Last updated
Vulnerability history
0 present
22 fixed
4 Mitigation rules
- Reflected Cross-Site Scripting via Custom HTML Form Parameter vulnerability<= 6.16.1.2Nov 22, 2024
- Admin+ Stored XSS vulnerability< 6.14.1Nov 21, 2024
- Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability<= 6.11.1Jul 31, 2024
- Content Injection vulnerability<= 6.7Jan 31, 2024
- Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability<= 6.7.2Jan 29, 2024
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 6.7Jan 9, 2024
- Auth. Remote Code Execution (RCE) vulnerability< 6.3.1Jun 27, 2023
- Unauth. PHP Object Injection vulnerability<= 6.1.2Apr 7, 2023
- IP Spoofing vulnerability< 6.1Mar 13, 2023
- Broken Access Control vulnerability<= 5.5.4Feb 3, 2023
- Cross Site Request Forgery (CSRF)<= 5.5.6Feb 2, 2023
- Cross-Site Request Forgery vulnerability<= 5.5.4Dec 21, 2022
- Authenticated (Admin+) Server-Side Request Forgery vulnerability<= 5.5.4Dec 21, 2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 5.0.06Oct 13, 2021
- Stored Cross-Site Scripting (XSS) vulnerability<= 4.09.04Jan 28, 2021
- Unsafe Deserialisation vulnerability<= 4.02Aug 9, 2019
- SQL Injection (SQLi) vulnerability<= 2.05.02Nov 20, 2017
- Multiple Cross-Site Scripting (XSS) vulnerabilities<= 2.05.02Nov 20, 2017
- Multiple vulnerabilities<= 2.05.02Nov 20, 2017
- Remote Code Execution<= 1.06.03Jan 29, 2016
- Unspecified Vulnerabilities<= 1.06.08Jan 29, 2016
- Blind SQL Injection<= 1.07.11Jan 29, 2016