EUVD-2025-1695

Malicious code in bioql PyPI...

CVE-2024-3053

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminatorform shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it...

CVE-2023-5119

The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a...

CVE-2024-7389

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make...

CVE-2024-1794

The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. 3gpp file in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVE-2025-0470

CVE-2025-0470 concerns the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability in the title parameter, arising from insufficient input sanitization and output escaping. It affects all versions up t...

CVE-2024-28890

Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service DoS...