Lucene search
K

428 matches found

Nuclei
Nuclei
added 15 hours ago385 views

WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the uploadpostimage function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload...

9.8CVSS7.4AI score0.12749EPSS
Exploits3References5
NVD
NVD
added yesterday5 views

CVE-2026-57815

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...

7.5CVSS0.00503EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57814

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through = 1.55.0.1...

7.1CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday29 views

CVE-2026-57815 WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...

7.5CVSS0.00503EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday29 views

CVE-2026-57814 WordPress Forminator plugin <= 1.55.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through = 1.55.0.1...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday15 views

CVE-2026-57814

The CVE-2026-57814 entry concerns the WordPress Forminator plugin (forms forminator) with a DOM-based XSS vulnerability due to improper input neutralization during web page generation. Affected versions are Forminator

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57815

CVE-2026-57815 documents a path traversal vulnerability in the WordPress plugin Forminator (WPMU DEV Your All-in-One WordPress Platform Forminator) affecting version range up to and including 1.55.0.2. The issue is described as Improper Limitation of a Pathname to a Restricted Directory, enabling...

7.5CVSS6.1AI score0.00503EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Forminator plugin <= 1.55.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.55.0.1...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago8 views

WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.55.0.2...

7.5CVSS6.1AI score0.00503EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-56071

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

7.1CVSS0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 p.m.4 views

CVE-2026-56071

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:12 p.m.16 views

CVE-2026-56071

CVE-2026-56071 affects WordPress Forminator plugin versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.33 views

CVE-2026-56071 WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39384

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52436

Name of the Vulnerable Software and Affected Versions Forminator versions prior to 1.53.2 Description An unauthenticated cross-site scripting XSS flaw exists due to improper input validation and output encoding of user-supplied data. This allows a remote attacker to inject malicious scripts into...

7.1CVSS5.7AI score0.0018EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6214

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS5.4AI score0.00438EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6222

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS5.6AI score0.00425EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-2729

The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...

5.3CVSS5.4AI score0.00367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-5192

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1filefilepath' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary...

7.5CVSS5.6AI score0.00773EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/07 10:26 a.m.17 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export vulnerability

Missing Authorization to Authenticated Subscriber+ Scheduled Form Submission Export vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions = 1.53.0...

6.5CVSS5.8AI score0.00438EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder