Wpmudev

Forminator Forms

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2026-2002

  • EPSS 0.03%
  • Veröffentlicht 17.02.2026 04:35:45
  • Zuletzt bearbeitet 18.02.2026 17:52:22

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form_name parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization ...

5.3

CVE-2025-14782

  • EPSS 0.01%
  • Veröffentlicht 09.01.2026 06:34:53
  • Zuletzt bearbeitet 13.01.2026 14:03:46

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listen_for_csv_export' function. This is due to the plugin not pr...

4.9

CVE-2025-7638

  • EPSS 0.03%
  • Veröffentlicht 18.07.2025 04:23:01
  • Zuletzt bearbeitet 22.07.2025 13:06:27

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the `order_by` parameter in all versions up to, and including, 1.45.0 due to insufficient escaping on the user ...

8.8

CVE-2025-6464

  • EPSS 1.02%
  • Veröffentlicht 02.07.2025 05:29:17
  • Zuletzt bearbeitet 07.07.2025 14:22:31

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entry_delete_upload_files' ...

8.8

CVE-2025-6463

Medienbericht
  • EPSS 0.43%
  • Veröffentlicht 02.07.2025 04:24:56
  • Zuletzt bearbeitet 07.07.2025 14:28:51

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and incl...

6.4

CVE-2025-5341

  • EPSS 0.07%
  • Veröffentlicht 05.06.2025 11:15:06
  • Zuletzt bearbeitet 10.07.2025 14:40:42

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input s...

5.3

CVE-2025-3479

  • EPSS 0.06%
  • Veröffentlicht 17.04.2025 11:13:06
  • Zuletzt bearbeitet 28.05.2025 17:54:30

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user c...

5.4

CVE-2025-3487

  • EPSS 0.16%
  • Veröffentlicht 17.04.2025 11:13:05
  • Zuletzt bearbeitet 28.05.2025 17:53:05

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization an...

5.4

CVE-2025-0469

  • EPSS 0.08%
  • Veröffentlicht 27.02.2025 05:15:13
  • Zuletzt bearbeitet 11.03.2025 19:57:42

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization...

4.8

CVE-2024-7052

Exploit
  • EPSS 0.09%
  • Veröffentlicht 14.02.2025 06:15:20
  • Zuletzt bearbeitet 14.05.2025 20:38:54

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di...