10 matches found
CVE-2025-0470
CVE-2025-0470 concerns the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability in the title parameter, arising from insufficient input sanitization and output escaping. It affects all versions up t...
CVE-2025-5341
CVE-2025-5341 affects the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder. The vulnerability is a Stored Cross‑Site Scripting (XSS) caused by insufficient input sanitization and output escaping in the plugin’s handling of the id and data-size parameters, explo...
CVE-2025-3479
Forminator Forms – Contact Form, Payment Form & Custom Form Builder for WordPress is vulnerable to an Order Replay flaw (CVE-2025-3479) in versions up to 1.42.0 due to insufficient validation of a user-controlled key in the handle_stripe_single path. This allows an unauthenticated attacker to reu...
CVE-2025-3487
CVE-2025-3487 affects Forminator Forms – Contact Form, Payment Form & Custom Form Builder (WordPress). It is a Stored Cross-Site Scripting vulnerability via the limit parameter in all versions up to and including 1.42.0, caused by insufficient input sanitization and output escaping. Exploitation ...
CVE-2024-7052
CVE-2024-7052 affects the WordPress plugin Forminator Forms . The vulnerability arises from inadequate sanitisation/escaping of certain plugin settings, enabling a high-privilege user (e.g., Admin) to perform a stored cross‑site scripting (XSS) attack even when the unfiltered_html capability is d...
CVE-2024-10402
Summary of CVE-2024-10402 (Forminator Forms – WordPress plugin) : The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable in versions up to and including 1.35.1 due to a missing capability check. This insecure authorization allows authenticated a...
CVE-2024-9700
CVE-2024-9700 affects the WordPress plugin “Forminator Forms – Contact Form, Payment Form & Custom Form Builder” and covers all versions up to and including 1.36.0. The vulnerability is an Insecure Direct Object Reference via the submit_quizzes() function, caused by missing validation on the entr...
CVE-2025-0469
CVE-2025-0469 : Forminator Forms – Contact Form, Payment Form & Custom Form Builder (WordPress) is affected by a Stored Cross-Site Scripting vulnerability up to version 1.39.2 due to insufficient input sanitization and output escaping in the slider template data. An attacker with Contributor+ pri...
CVE-2024-9351
Summary (CVE-2024-9351) The Forminator Forms plugin for WordPress (versions ≤ 1.35.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the quiz creation path (create_module). This allows unauthenticated attackers to cause draft quizzes to be created if a si...
CVE-2024-9352
CVE-2024-9352 (Forminator Forms for WordPress) is a CSRF vulnerability in all versions up to 1.35.1 caused by missing/incorrect nonce validation in the custom form function create_module. This allows unauthenticated attackers to cause a site administrator to draft forms by forging a request (e.g....