CVE-2023-2877

Severity: HIGH · Exploitation status: EXPLOITED

Formidable Forms < 6.3.1 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Remote Code Execution

Title source: llm

Exploitation Summary

CVE-2023-2877 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit, published by RandomRobbieBF.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2023-2877, which targets Formidable Forms < 6.3.1. The exploit uses the add-on installer's token-based plugin installation mechanism to install a second, known-vulnerable plugin (User Post Gallery) from the WordPress.org repository, and then executes arbitrary commands through that plugin's AJAX endpoint. The Formidable Forms flaw itself only installs and activates plugins; code execution comes from whichever vulnerable plugin the attacker chooses to install.

Description

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the calling user or validate the plugin package URL in its add-on installation functionality. Both checks are missing: there is no capability check that would stop a low-privileged account, and the URL of the package to install is not validated. As a result, a user with a role as low as Subscriber can install and activate arbitrary plugins, of arbitrary versions, from the WordPress.org plugin repository onto the site, including old versions with known vulnerabilities, leading to Remote Code Execution.
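The two missing checks named in the description, authorization and package-URL validation, are easiest to see side by side. The following is an added example written for this entry; it is not Formidable Forms' code and not the patch that shipped in 6.3.1. Every demo_* hook, function and nonce name, and the allowlist entry on example.com, are assumptions; only the WordPress core APIs it calls (current_user_can, check_ajax_referer, Plugin_Upgrader, activate_plugin, wp_parse_url) are real.

```php
<?php
/*
 * Constructed illustration for this advisory, not Formidable Forms' code.
 * Every hook, function and nonce name below (demo_*) is assumed; only the
 * WordPress core APIs are real.
 */

// Vulnerable pattern: wp_ajax_* actions are reachable by any logged-in user
// (a Subscriber included), and nothing here checks who they are or where
// the package comes from.
add_action( 'wp_ajax_demo_install_addon_vuln', 'demo_install_addon_vuln' );
function demo_install_addon_vuln() {
	$package = isset( $_POST['plugin'] ) ? wp_unslash( $_POST['plugin'] ) : '';
	$file    = demo_install_package( $package ); // attacker-chosen URL
	if ( $file ) {
		activate_plugin( $file );                // and now its code runs
	}
	wp_send_json_success();
}

// Hardened pattern: capability check, nonce, and a slug-to-package allowlist
// instead of a client-supplied URL.
add_action( 'wp_ajax_demo_install_addon', 'demo_install_addon' );
function demo_install_addon() {
	// 1. Authorization: a Subscriber has neither install_plugins nor activate_plugins.
	if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
		wp_send_json_error( 'forbidden', 403 );
	}
	// 2. CSRF: dies on a missing or bad nonce (nonce action name is assumed).
	check_ajax_referer( 'demo_install_addon', 'nonce' );

	// 3. Never take a package URL from the request. Take a slug and look it up.
	$slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
	$url  = demo_allowed_package_url( $slug );
	if ( null === $url ) {
		wp_send_json_error( 'unknown add-on', 400 );
	}

	$file = demo_install_package( $url );
	if ( ! $file ) {
		wp_send_json_error( 'install failed', 500 );
	}
	$activated = activate_plugin( $file );
	if ( is_wp_error( $activated ) ) {
		wp_send_json_error( $activated->get_error_message(), 500 );
	}
	wp_send_json_success( array( 'plugin' => $file ) );
}

// Allowlist of add-ons this installer may fetch, pinned to exact packages.
// The single entry is a placeholder; a vendor would list its own add-ons.
function demo_allowed_package_url( $slug ) {
	$allowed = array(
		'demo-addon' => 'https://example.com/addons/demo-addon-1.0.0.zip', // assumed
	);
	if ( ! isset( $allowed[ $slug ] ) ) {
		return null;
	}
	$url   = $allowed[ $slug ];
	$parts = wp_parse_url( $url );
	// Defence in depth: even allowlisted entries must be https on the vendor host.
	if ( 'https' !== ( $parts['scheme'] ?? '' ) || 'example.com' !== ( $parts['host'] ?? '' ) ) {
		return null;
	}
	return $url;
}

// Shared installer: returns the plugin basename (dir/file.php) on success, false otherwise.
function demo_install_package( $package_url ) {
	require_once ABSPATH . 'wp-admin/includes/plugin.php';
	require_once ABSPATH . 'wp-admin/includes/file.php';
	require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

	$upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
	$result   = $upgrader->install( $package_url );
	if ( true !== $result ) {
		return false;
	}
	return $upgrader->plugin_info();
}
```

When auditing other plugins for the same bug class, the things to look for are wp_ajax_* handlers (not wp_ajax_nopriv_*, since this flaw needs a login) that reach Plugin_Upgrader or activate_plugin without current_user_can( 'install_plugins' ) on the path, or that pass a request-supplied URL into the upgrader. The token in the exploit summary above is a separate mechanism of the vulnerable plugin and is not modelled here.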

Exploits (1)

nomisec · Working PoC · 2 stars
by RandomRobbieBF · remote-auth
https://github.com/RandomRobbieBF/CVE-2023-2877

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Formidable Forms < 6.3.1
Auth required: yes
Prerequisites: Valid WordPress credentials (a Subscriber-level account suffices, per the description above) · Formidable Forms plugin installed and activated · Network access to the target WordPress site
Analysis: devstral-2, Feb 19, 2026

References (1)

Core References (1)
WPScan advisory (exploit, third-party advisory, VDB entry, technical description):
https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402

Scores

CVSS v3.1 base score: 8.8 (High)
EPSS: 0.7001 (98.7th percentile)
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: no
Technical Impact: total

Note that the Vulnrichment exploitation value (PoC) is lower than the in-the-wild exploitation recorded by VulnCheck KEV above; the two sources assess exploitation independently.

Details

VulnCheck KEV: 2023-01-10
Status: published
Products (1): strategy11/formidable_forms < 6.3.1
Published: Jun 27, 2023
Tracked Since: Feb 18, 2026