Lucene search
K
WpmudevForminator Forms

10 matches found

CVE
CVE
added 2025/01/31 3:21 a.m.80 views

CVE-2025-0470

CVE-2025-0470 concerns the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability in the title parameter, arising from insufficient input sanitization and output escaping. It affects all versions up t...

6.1CVSS6AI score0.00311EPSS
CVE
CVE
added 2025/06/05 11:15 a.m.75 views

CVE-2025-5341

CVE-2025-5341 affects the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder. The vulnerability is a Stored Cross‑Site Scripting (XSS) caused by insufficient input sanitization and output escaping in the plugin’s handling of the id and data-size parameters, explo...

6.4CVSS5.7AI score0.00238EPSS
CVE
CVE
added 2025/04/17 11:13 a.m.69 views

CVE-2025-3479

Forminator Forms – Contact Form, Payment Form & Custom Form Builder for WordPress is vulnerable to an Order Replay flaw (CVE-2025-3479) in versions up to 1.42.0 due to insufficient validation of a user-controlled key in the handle_stripe_single path. This allows an unauthenticated attacker to reu...

5.3CVSS5.2AI score0.00195EPSS
CVE
CVE
added 2025/04/17 11:13 a.m.68 views

CVE-2025-3487

CVE-2025-3487 affects Forminator Forms – Contact Form, Payment Form & Custom Form Builder (WordPress). It is a Stored Cross-Site Scripting vulnerability via the limit parameter in all versions up to and including 1.42.0, caused by insufficient input sanitization and output escaping. Exploitation ...

6.4CVSS5.8AI score0.00252EPSS
CVE
CVE
added 2025/02/14 6:0 a.m.60 views

CVE-2024-7052

CVE-2024-7052 affects the WordPress plugin Forminator Forms . The vulnerability arises from inadequate sanitisation/escaping of certain plugin settings, enabling a high-privilege user (e.g., Admin) to perform a stored cross‑site scripting (XSS) attack even when the unfiltered_html capability is d...

4.8CVSS5.8AI score0.00307EPSS
CVE
CVE
added 2024/10/26 11:38 a.m.59 views

CVE-2024-10402

Summary of CVE-2024-10402 (Forminator Forms – WordPress plugin) : The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable in versions up to and including 1.35.1 due to a missing capability check. This insecure authorization allows authenticated a...

8.8CVSS7.4AI score0.00512EPSS
CVE
CVE
added 2024/10/31 5:31 a.m.55 views

CVE-2024-9700

CVE-2024-9700 affects the WordPress plugin “Forminator Forms – Contact Form, Payment Form & Custom Form Builder” and covers all versions up to and including 1.36.0. The vulnerability is an Insecure Direct Object Reference via the submit_quizzes() function, caused by missing validation on the entr...

5.3CVSS5.2AI score0.00379EPSS
CVE
CVE
added 2025/02/27 4:21 a.m.54 views

CVE-2025-0469

CVE-2025-0469 : Forminator Forms – Contact Form, Payment Form & Custom Form Builder (WordPress) is affected by a Stored Cross-Site Scripting vulnerability up to version 1.39.2 due to insufficient input sanitization and output escaping in the slider template data. An attacker with Contributor+ pri...

6.4CVSS5.8AI score0.00234EPSS
CVE
CVE
added 2024/10/17 5:33 a.m.51 views

CVE-2024-9351

Summary (CVE-2024-9351) The Forminator Forms plugin for WordPress (versions ≤ 1.35.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the quiz creation path (create_module). This allows unauthenticated attackers to cause draft quizzes to be created if a si...

4.3CVSS4.6AI score0.00207EPSS
CVE
CVE
added 2024/10/17 5:33 a.m.51 views

CVE-2024-9352

CVE-2024-9352 (Forminator Forms for WordPress) is a CSRF vulnerability in all versions up to 1.35.1 caused by missing/incorrect nonce validation in the custom form function create_module. This allows unauthenticated attackers to cause a site administrator to draft forms by forging a request (e.g....

4.3CVSS4.6AI score0.00207EPSS