414 matches found
WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the uploadpostimage function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload...
CVE-2026-6214
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...
CVE-2026-6222
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...
CVE-2026-2729
The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...
CVE-2026-5192
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1filefilepath' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary...
WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export vulnerability
Missing Authorization to Authenticated Subscriber+ Scheduled Form Submission Export vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions = 1.53.0...
CVE-2026-6214
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...
CVE-2026-6214 Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...
CVE-2026-6214
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...
EUVD-2026-28308
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...
CVE-2026-6214
CVE-2026-6214 affects Forminator Forms for WordPress (≤ 1.53.0). The issue is in listen_for_saving_export_schedule() in library/class-export.php, which fails to perform a capability check before saving a scheduled export configuration, unlike listen_for_csv_export() that verifies permissions. Thi...
CVE-2026-6214 Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...
CVE-2026-6222
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...
CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...
CVE-2026-6222
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...
CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...
CVE-2026-6222
CVE-2026-6222 affects the WordPress plugin Forminator Forms (versions
EUVD-2026-28235
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...
WordPress plugin Forminator Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-38324
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in Forminator Admin Module Edit Page admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...