WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass vulnerability

Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass vulnerability discovered by Kittipat Jitphonchana in WordPress Plugin Forminator versions = 1.52.0...

CVE-2026-32409 WordPress Forminator plugin <= 1.50.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through = 1.50.2...

PT-2026-25255

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through = 1.50.2...

WordPress Forminator Forms Code Issue Vulnerability

WordPress Forminator Forms is a powerful free form builder plugin that supports the creation of many types of interactive forms. WordPress Forminator Forms suffers from a code issue vulnerability that stems from deserializing untrusted inputs in the function entrydeleteuploadfiles, which can be...

CVE-2024-3053

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminatorform shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it...

WordPress Forminator plugin <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'limit' vulnerability discovered by Asaf Mozes in WordPress Plugin Forminator versions = 1.42.0...

WordPress Forminator plugin <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Forminator versions 1.39.2...

WordPress Forminator Forms plugin <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation vulnerability

Cross-Site Request Forgery to Draft Quiz Creation vulnerability discovered by Vijaysimha Reddy vijaysimha in WordPress Plugin Forminator versions = 1.35.1...

WordPress Forminator Plugin <= 1.35.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Forminator Type Plugin Vulnerable versions = 1.35.1 Fixed in 1.36.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-9351 Patch priority Low CVSS severity Low 4.3 Developer WPMU DEV PSID 842f218e0ebe Credits Vijaysimha Reddy vijaysimha...

WordPress Forminator Plugin <= 1.35.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Forminator Type Plugin Vulnerable versions = 1.35.1 Fixed in 1.36.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-9352 Patch priority Low CVSS severity Low 4.3 Developer WPMU DEV PSID 2a09c8737b42 Credits Vijaysimha Reddy vijaysimha...

WordPress Forminator plugin <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure vulnerability

HubSpot Developer API Key Sensitive Information Exposure vulnerability discovered by Sean Murphy in WordPress Plugin Forminator versions = 1.29.1...

WordPress Forminator Plugin <= 1.29.1 is vulnerable to Sensitive Data Exposure

Software Forminator Type Plugin Vulnerable versions = 1.29.1 Fixed in 1.29.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7389 Patch priority Low CVSS severity Low 5.8 Developer WPMU DEV PSID d0a947757282 Credits Sean Murphy Required privilege...

WordPress Forminator Plugin <= 1.29.2 is vulnerable to Cross Site Scripting (XSS)

Software Forminator Type Plugin Vulnerable versions = 1.29.2 Fixed in 1.29.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3053 Patch priority Low CVSS severity Low 6.5 Developer WPMU DEV PSID 65d61e38cc9c Credits wesley wcraft Required privilege...

WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)

Software Forminator Type Plugin Vulnerable versions = 1.29.0 Fixed in 1.29.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1794 Patch priority Medium CVSS severity Medium 7.1 Developer WPMU DEV PSID adc117fb9f27 Credits wesley wcraft Required...

CVE-2024-29777 WordPress Forminator plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator.This issue affects Forminator: from n/a through = 1.29.0...

WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)

Software Forminator Type Plugin Vulnerable versions = 1.29.0 Fixed in 1.29.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29777 Patch priority Medium CVSS severity Medium 7.1 Developer WPMU DEV PSID 4c3587917921 Credits Rafie Muhammad Patchstack Required privile...

WordPress Forminator Plugin <= 1.27.0 is vulnerable to Arbitrary File Upload

Software Forminator Type Plugin Vulnerable versions = 1.27.0 Fixed in 1.28.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6133 Patch priority Low CVSS severity Low 6.6 Developer WPMU DEV PSID e543496c8db2 Credits István Márton Required privilege Administrator...

WordPress Forminator Plugin < 1.24.4 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:incsub:forminator"; if description...