WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export vulnerability

Missing Authorization to Authenticated Subscriber+ Scheduled Form Submission Export vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions = 1.53.0...

CVE-2026-24373

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through = 6.0.7.1...

WordPress Gutena Forms plugin < 1.6.1 - Contributor+ Arbitrary Limited Options Update vulnerability

Contributor+ Arbitrary Limited Options Update vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder versions 1.6.1...

CVE-2024-10402

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-leve...

CVE-2024-9352 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form 'createmodule' function. This makes it...

PT-2024-39587 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.35.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...

WordPress Plugin Forminator – Contact Form, Payment Form & Custom Form Builder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

CVE-2021-36821

Summary of CVE-2021-36821 – WordPress Forminator stored XSS : The vulnerability affects the Forminator plugin for WordPress, with versions up to and including 1.14.11. The underlying issue is improper neutralization of input during web page generation, resulting in stored Cross-Site Scripting (XS...