Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

405 matches found

Nuclei
Nucleiadded 2 days ago251 views

WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the uploadpostimage function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload...

9.8CVSS7.9AI score0.90782EPSS
Exploits3References5
Patchstack
Patchstackadded 2026/05/07 10:26 a.m.8 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export vulnerability

Missing Authorization to Authenticated Subscriber+ Scheduled Form Submission Export vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions = 1.53.0...

6.5CVSS5.8AI score0.0001EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/05/07 4:16 a.m.6 views

CVE-2026-6214

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS0.0001EPSS
Exploits0References6
EUVD
EUVDadded 2026/05/07 3:27 a.m.4 views

EUVD-2026-28308

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS5.7AI score0.0001EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/07 3:27 a.m.28 views

CVE-2026-6214 Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS0.0001EPSS
Exploits0References6
CVE
CVEadded 2026/05/07 3:27 a.m.6 views

CVE-2026-6214

CVE-2026-6214 affects Forminator Forms for WordPress (≤ 1.53.0). The issue is in listen_for_saving_export_schedule() in library/class-export.php, which fails to perform a capability check before saving a scheduled export configuration, unlike listen_for_csv_export() that verifies permissions. Thi...

6.5CVSS5.7AI score0.0001EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/05/07 3:27 a.m.3 views

CVE-2026-6214

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS5.7AI score0.0001EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2026/05/07 3:27 a.m.4 views

CVE-2026-6214 Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS5.7AI score0.0001EPSS
Exploits0References6
NVD
NVDadded 2026/05/07 2:16 a.m.3 views

CVE-2026-6222

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS0.00011EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/05/07 1:25 a.m.2 views

CVE-2026-6222

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS5.9AI score0.00011EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2026/05/07 1:25 a.m.4 views

CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS5.9AI score0.00011EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/05/07 1:25 a.m.27 views

CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS0.00011EPSS
Exploits0References8
CVE
CVEadded 2026/05/07 1:25 a.m.7 views

CVE-2026-6222

CVE-2026-6222 affects the WordPress plugin Forminator Forms (versions

5.3CVSS5.9AI score0.00011EPSS
Exploits0References8
EUVD
EUVDadded 2026/05/07 1:25 a.m.3 views

EUVD-2026-28235

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS5.9AI score0.00011EPSS
Exploits0References8
CNNVD
CNNVDadded 2026/05/07 12:0 a.m.2 views

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00011EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.4 views

PT-2026-38324

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in Forminator Admin Module Edit Page admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

5.3CVSS5.9AI score0.00011EPSS
Exploits0References9
CNNVD
CNNVDadded 2026/05/07 12:0 a.m.2 views

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.0001EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.5 views

PT-2026-38339

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen for saving export schedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration...

6.5CVSS5.7AI score0.0001EPSS
Exploits0References7
Patchstack
Patchstackadded 2026/05/06 12:50 p.m.2 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Disclosure vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions = 1.51.1...

5.3CVSS5.8AI score0.00011EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/05/05 4:4 p.m.4 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.52.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.52.1...

7.5CVSS5.8AI score0.00056EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder