Exploit for CVE-2026-2002

🗓️ 22 Jun 2026 12:52:04Reported by typedefabcd1234ntdType

githubexploit

githubexploit🔗 github.com👁 11 Views

Stored XSS in Forminator Forms via form_name up to 1.50.2 allowing admins to inject scripts.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-2002	17 Feb 202604:35	–	attackerkb
CNNVD	WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder 跨站脚本漏洞	17 Feb 202600:00	–	cnnvd
CVE	CVE-2026-2002	17 Feb 202604:35	–	cve
Cvelist	CVE-2026-2002 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	17 Feb 202604:35	–	cvelist
NVD	CVE-2026-2002	17 Feb 202605:16	–	nvd
Patchstack	WordPress Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	16 Feb 202622:34	–	patchstack
Positive Technologies	PT-2026-8396	17 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-2002	18 Feb 202607:23	–	redhatcve
Vulnrichment	CVE-2026-2002 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	17 Feb 202604:35	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (February 16, 2026 to February 22, 2026)	26 Feb 202616:02	–	wordfence

22 Jun 2026 13:20Current

6Medium risk

Vulners AI Score6

CVSS 3.14.4

EPSS0.00154

SSVC

cross site scripting forminator forms form name parameter admin access wordpress plugin