Lucene search
K

132 matches found

NVD
NVD
added yesterday5 views

CVE-2026-57814

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through = 1.55.0.1...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-57814

The CVE-2026-57814 entry concerns the WordPress Forminator plugin (forms forminator) with a DOM-based XSS vulnerability due to improper input neutralization during web page generation. Affected versions are Forminator

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-57815

CVE-2026-57815 documents a path traversal vulnerability in the WordPress plugin Forminator (WPMU DEV Your All-in-One WordPress Platform Forminator) affecting version range up to and including 1.55.0.2. The issue is described as Improper Limitation of a Pathname to a Restricted Directory, enabling...

7.5CVSS6.1AI score0.00503EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57814 WordPress Forminator plugin <= 1.55.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through = 1.55.0.1...

7.1CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57815 WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...

7.5CVSS0.00503EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Forminator plugin <= 1.55.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.55.0.1...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 p.m.4 views

CVE-2026-56071

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38339

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen for saving export schedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration...

6.5CVSS5.7AI score0.00438EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/05 9:31 a.m.6 views

EUVD-2026-27223

The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 7:15 a.m.11 views

CVE-2026-2729

The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...

5.3CVSS0.00367EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/05 6:43 a.m.36 views

CVE-2026-2729 Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter

The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...

5.3CVSS0.00367EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 6:43 a.m.5 views

CVE-2026-2729

The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 6:43 a.m.21 views

CVE-2026-5192

The CVE concerns the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder

7.5CVSS5.9AI score0.00773EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/05 6:43 a.m.7 views

CVE-2026-2729 Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter

The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References2
CVE
CVE
added 2026/05/05 6:43 a.m.24 views

CVE-2026-2729

CVE-2026-2729 affects the WordPress plugin Forminator (versions up to 1.52.0). The vulnerability arises from missing authorization when processing attacker-supplied Stripe PaymentIntent identifiers during the public payment flow, allowing unauthenticated attackers to submit high-value paid forms ...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-36978

Name of the Vulnerable Software and Affected Versions Forminator plugin for WordPress versions prior to 1.53.0 Description An authorization bypass exists because the plugin fails to properly verify user authorization when processing Stripe PaymentIntent identifiers in the public payment flow. Thi...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

WordPress plugin Forminator 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00773EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

WordPress plugin Forminator 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.3 views

EUVD-2026-11926

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through = 1.50.2...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32409

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through = 1.50.2...

5.8AI score0.0019EPSS
Exploits0References2
Rows per page
Query Builder