Lucene search
K
IncsubForminator

20 matches found

CVE
CVE
added 2024/04/23 4:47 a.m.252 views

CVE-2024-31077

CVE-2024-31077 affects Forminator (WordPress plugin) prior to 1.29.3. The issue is an SQL Injection in the admin-facing form handling that can be triggered by an authenticated admin, enabling access/alteration of database data and potential DoS. Remediation is to upgrade Forminator to 1.29.3 or l...

7.2CVSS7AI score0.30361EPSS
CVE
CVE
added 2023/08/30 1:45 a.m.215 views

CVE-2023-4596

CVE-2023-4596 — WordPress Forminator plugin Arbitrary File Upload Affected software: WordPress Forminator plugin (all environments using WordPress) up to version 1.24.6. Root cause: Vulnerability arises from file type validation occurring after a file has been uploaded in upload_post_image(), ena...

9.8CVSS9.7AI score0.12749EPSS
CVE
CVE
added 2024/04/23 4:56 a.m.163 views

CVE-2024-28890

CVE-2024-28890 : Forminator (WordPress plugin) before 1.29.0 has an unrestricted file upload of dangerous types vulnerability. This could allow a remote attacker to access server files, modify the site, and potentially cause a DoS. Remediation: upgrade Forminator to version 1.29.0 or later (per R...

5.3CVSS9.1AI score0.00708EPSS
CVE
CVE
added 2025/07/02 4:24 a.m.101 views

CVE-2025-6463

The CVE-2025-6463 affects the WordPress Forminator Forms plugin (Contact/Payment/Custom Form Builder) versioned up to and including 1.44.2. The vulnerability arises from insufficient validation in entry_delete_upload_files, allowing unauthenticated attackers to inject arbitrary file paths into a ...

8.8CVSS8AI score0.10538EPSS
CVE
CVE
added 2024/04/23 4:46 a.m.89 views

CVE-2024-31857

Forminator (WordPress plugin) contains a cross-site scripting vulnerability (CVE-2024-31857) affecting versions prior to 1.15.4. An attacker could exploit this to obtain user information and alter page contents in a user’s browser. The Red Hat and Wordfence entries confirm the vulnerability in Fo...

5.4CVSS6AI score0.00632EPSS
CVE
CVE
added 2024/08/02 4:29 a.m.75 views

CVE-2024-7389

The CVE-2024-7389 entry affects the WordPress Forminator plugin (versions

7.5CVSS7.3AI score0.00658EPSS
CVE
CVE
added 2023/03/16 2:45 p.m.69 views

CVE-2021-36821

Summary of CVE-2021-36821 – WordPress Forminator stored XSS : The vulnerability affects the Forminator plugin for WordPress, with versions up to and including 1.14.11. The underlying issue is improper neutralization of input during web page generation, resulting in stored Cross-Site Scripting (XS...

7.1CVSS6.4AI score0.00406EPSS
CVE
CVE
added 2024/09/09 4:44 a.m.68 views

CVE-2024-45625

CVE-2024-45625 affects Forminator Forms v1.34.0 and earlier. The issue is a cross-site scripting vulnerability (CWE-79) in the way URLs embedded in a Forminator form can cause arbitrary script execution in the user’s browser when a crafted URL is accessed. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI...

6.1CVSS6.5AI score0.0041EPSS
CVE
CVE
added 2024/04/09 6:58 p.m.66 views

CVE-2024-1794

CVE-2024-1794 is a stored XSS flaw in WordPress Forminator up to version 1.29.0 via file uploads (e.g., 3gpp). Public docs confirm unauthenticated exploitation leading to script execution when served pages load injected content. Connected sources indicate the issue was addressed in later patches ...

7.2CVSS7.8AI score0.00528EPSS
CVE
CVE
added 2024/03/27 1:0 p.m.66 views

CVE-2024-29777

CVE-2024-29777 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Forminator (WPMU DEV) up to version 1.29.0. The issue arises from improper input neutralization during web page generation. Affected: Forminator

7.1CVSS7.2AI score0.00426EPSS
CVE
CVE
added 2023/07/31 9:37 a.m.65 views

CVE-2023-3134

The CVE-2023-3134 vulnerability affects the Forminator WordPress plugin and is a reflected XSS in which values are not properly escaped when echoed into form fields that use pre-populated query parameters. Affected product/version: Forminator WordPress plugin prior to 1.24.4. Impact is described ...

6.1CVSS6.3AI score0.0354EPSS
CVE
CVE
added 2024/04/09 6:58 p.m.65 views

CVE-2024-3053

CVE-2024-3053 applies to the WordPress plugin Forminator – Contact Form, Payment Form & Custom Form Builder . The vulnerability is a Stored Cross-Site Scripting via the shortcodes’ forminator_form id attribute, affecting versions up to and including 1.29.2 due to insufficient input sanitization a...

6.4CVSS5.7AI score0.00358EPSS
CVE
CVE
added 2023/07/04 7:23 a.m.63 views

CVE-2023-2010

The CVE-2023-2010 vulnerability affects the WordPress Forminator plugin versions prior to 1.24.1. The root cause is a lack of an atomic operation to verify whether a user has already voted before updating the vote status, resulting in a race condition that may allow a single user to vote multiple...

3.1CVSS4.1AI score0.00359EPSS
CVE
CVE
added 2019/03/04 6:0 p.m.54 views

CVE-2019-9567

CVE-2019-9567 describes an XSS vulnerability in the WordPress Forminator Contact Form, Poll & Quiz Builder plugin prior to v1.6, caused by improper handling/encoding of a custom poll input field. Public records (NVD entry) state an XSS in the poll input field; some sources discuss persistent XSS ...

6.1CVSS6AI score0.01323EPSS
CVE
CVE
added 2021/11/23 7:16 p.m.51 views

CVE-2021-24700

CVE-2021-24700 – Forminator WordPress plugin vulnerability : The WordPress Forminator plugin versions before 1.15.4 do not sanitize and escape the email field label, enabling stored Cross-Site Scripting (XSS) by high-privilege users. Affected software: Forminator Form plugin for WordPress; vulner...

4.8CVSS4.7AI score0.00598EPSS
CVE
CVE
added 2019/03/04 6:0 p.m.48 views

CVE-2019-9568

Forminator Contrast: The WordPress plugin Forminator Contact Form, Poll & Quiz Builder is affected by an SQL Injection in versions before 1.6 via the entry[] parameter in the admin interface, if the attacker has delete permission. The root cause is a SQL query vulnerability in bulk delete logic f...

6.5CVSS7AI score0.01574EPSS
CVE
CVE
added 2023/07/12 3:40 a.m.48 views

CVE-2021-4417

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is affected by a Cross-Site Request Forgery in versions up to 1.13.4, caused by missing/incorrect nonce validation in listen_for_saving_export_schedule(). This can let unauthenticated attackers export form subm...

5.4CVSS4.2AI score0.0036EPSS
CVE
CVE
added 2023/11/20 6:55 p.m.45 views

CVE-2023-5119

CVE-2023-5119 affects the Forminator WordPress plugin prior to 1.27.0. The issue stems from improper sanitization of the redirect-url field in form submission settings, enabling high-privilege users (e.g., admins) to inject arbitrary web scripts even when unfiltered_html is disallowed (multisite ...

4.8CVSS5AI score0.00451EPSS
CVE
CVE
added 2023/11/15 6:40 a.m.44 views

CVE-2023-6133

Summary (CVE-2023-6133): The Forminator plugin for WordPress (affected:

6.6CVSS5.7AI score0.00866EPSS
CVE
CVE
added 2025/07/02 5:29 a.m.44 views

CVE-2025-6464

The CVE concerns the WordPress Forminator Forms plugin (versions up to and including 1.44.2). It enables PHP Object Injection through deserialization of untrusted input in the entry_delete_upload_files function, triggered when a form submission is deleted (admin or auto-deletion). Exploitation re...

8.8CVSS7.2AI score0.00469EPSS