Forminator Security Vulnerabilities and Issues — Forminator CVE List

Lucene search

IncsubForminator

9 matches found

CVE•added 2024/04/23 5:15 a.m.•229 views

CVE-2024-31077

Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition.

7.2CVSS7AI score0.2123EPSS

CVE•added 2024/04/23 5:15 a.m.•131 views

CVE-2024-28890

Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) con...

5.3CVSS9.1AI score0.00471EPSS

CVE•added 2024/04/23 5:15 a.m.•75 views

CVE-2024-31857

Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser.

5.4CVSS6AI score0.00146EPSS

CVE•added 2024/08/02 5:15 a.m.•55 views

CVE-2024-7389

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthor...

7.5CVSS7.3AI score0.00996EPSS

CVE•added 2024/04/09 7:15 p.m.•51 views

CVE-2024-1794

The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

7.2CVSS7.8AI score0.0167EPSS

CVE•added 2024/03/27 1:15 p.m.•50 views

CVE-2024-29777

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0.

7.1CVSS7.1AI score0.00195EPSS

CVE•added 2024/09/09 5:15 a.m.•50 views

CVE-2024-45625

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator.

6.1CVSS6.5AI score0.00039EPSS

CVE•added 2024/04/09 7:15 p.m.•44 views

CVE-2024-3053

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it pos...

6.4CVSS5.7AI score0.00094EPSS

CVE•added 2024/10/26 12:15 p.m.•40 views

CVE-2024-10402

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-level ...

8.8CVSS7.4AI score0.00094EPSS