Lucene search

CVE-2024-1794

🗓️ 09 Apr 2024 19:19:15Reported by WordfenceType

The Forminator plugin for WordPress has a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
WPVulnDB	Forminator < 1.29.1 - Unauthenticated Stored XSS	2 Apr 202400:00	–	wpvulndb
Cvelist	CVE-2024-1794	9 Apr 202418:58	–	cvelist
NVD	CVE-2024-1794	9 Apr 202419:15	–	nvd
Vulnrichment	CVE-2024-1794	9 Apr 202418:58	–	vulnrichment
Patchstack	WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)	1 Apr 202400:00	–	patchstack
OpenVAS	WordPress Forminator Plugin < 1.29.1 Multiple XSS Vulnerabilities	10 May 202400:00	–	openvas
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)	4 Apr 202417:35	–	wordfence

Nvd

Vulners

Node

incsub forminatorRange≤1.29.1freewordpress

incsub forminatorRange≤1.29.1prowordpress

[
  {
    "vendor": "wpmudev",
    "product": "Forminator – Contact Form, Payment Form & Custom Form Builder",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.29.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/23feb72c-7e6f-436b-b56e-dc6185302d31

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Apr 2024 19:15Current

7.8High risk

Vulners AI Score7.8

CVSS36.1 - 7.2

EPSS0.0109

SSVC

CWE-79