WordPress Forminator plugin <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion vulnerability

Unauthenticated PHP Object Injection PHAR Triggered via Administrator Form Submission Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Forminator versions = 1.44.2...

CVE-2024-31857

Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser...

CVE-2024-45625

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator...

CVE-2024-45625

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator...

CVE-2024-45625

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator...

PT-2023-12529 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.13.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...