Wpmudev

Forminator Forms

13 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.04%
  • Published 18.07.2025 04:23:01
  • Last modified 22.07.2025 13:06:27

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the `order_by` parameter in all versions up to, and including, 1.45.0 due to insufficient escaping on the user ...

  • EPSS 0.42%
  • Published 02.07.2025 05:29:17
  • Last modified 07.07.2025 14:22:31

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entry_delete_upload_files' ...

Media report
  • EPSS 0.27%
  • Published 02.07.2025 04:24:56
  • Last modified 07.07.2025 14:28:51

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and incl...

  • EPSS 0.06%
  • Published 05.06.2025 11:15:06
  • Last modified 10.07.2025 14:40:42

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'data-size' parameters in all versions up to, and including, 1.44.1 due to insufficient input s...

  • EPSS 0.02%
  • Published 17.04.2025 11:13:06
  • Last modified 28.05.2025 17:54:30

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user c...

  • EPSS 0.03%
  • Published 17.04.2025 11:13:05
  • Last modified 28.05.2025 17:53:05

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization an...

  • EPSS 0.04%
  • Published 27.02.2025 05:15:13
  • Last modified 11.03.2025 19:57:42

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization...

Exploit
  • EPSS 0.05%
  • Published 14.02.2025 06:15:20
  • Last modified 14.05.2025 20:38:54

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di...

  • EPSS 0.22%
  • Published 31.01.2025 04:15:09
  • Last modified 23.05.2025 16:14:15

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization a...

  • EPSS 0.15%
  • Published 31.10.2024 06:15:05
  • Last modified 25.11.2024 19:57:41

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() function due to missing validation on...