Advisories

CVE-2019-15780

< Back to advisories

CVE ID – CVE-2019-15780

CVSS SCORE – 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

AFFECTED VENDORS – Strategy11

AFFECTED PRODUCTS – Formidable Worpress Plugin

VULNERABILITY DETAILS – The Formidable plugin (version 4.01.02 and below) was found to be vulnerable to a PHP Object Injection attack. Due to the application de-serialising untrusted user input, it was possible to insert a malicious payload which allowed an unauthenticated attacker to execute commands on the underlying server.

ADDITIONAL DETAILS – The vendor has released an update to patch this vulnerability. Information can be found here: https://wordpress.org/plugins/formidable/#developers

DISCLOSURE TIMELINE:
05/08/2019 Disclosure to vendor
06/08/2019 vendor acknowledged vulnerability
09/08/2019 Fix released

CREDIT – Sam Thomas, Nour Alomary

The latest research and insights from Pentest

Looking for more than just a test provider?

Get in touch with our team and find out how our tailored services can provide you with the information security confidence you need.

Contact us today >
Pentest - CREST Accreditation
Pentest ISO 9001 Accreditation
Pentest ISO 27001 Accreditation
Pentest - Cyber Essentials Plus Accreditation
Pentest - OSCP Accreditation

/contact Us

/connect

Twitter Linkedin-in Github Youtube

/services

/about

/links

Pentest Limited is registered in England and Wales with company number 11925182

Registered address: 22 Great James Street, London, WC1N 3ES

VAT registration No: 331802826​

© 2019 - Present. Pentest Limited. All rights reserved.