Wpmudev

Forminator Forms

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-3479

  • EPSS 0.18%
  • Veröffentlicht 17.04.2025 11:13:06
  • Zuletzt bearbeitet 28.05.2025 17:54:30

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user c...

5.4

CVE-2025-3487

  • EPSS 0.24%
  • Veröffentlicht 17.04.2025 11:13:05
  • Zuletzt bearbeitet 28.05.2025 17:53:05

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization an...

5.4

CVE-2025-0469

  • EPSS 0.23%
  • Veröffentlicht 27.02.2025 05:15:13
  • Zuletzt bearbeitet 11.03.2025 19:57:42

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization...

4.8

CVE-2024-7052

Exploit
  • EPSS 0.31%
  • Veröffentlicht 14.02.2025 06:15:20
  • Zuletzt bearbeitet 14.05.2025 20:38:54

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di...

6.1

CVE-2025-0470

  • EPSS 0.3%
  • Veröffentlicht 31.01.2025 04:15:09
  • Zuletzt bearbeitet 23.05.2025 16:14:15

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization a...

5.3

CVE-2024-9700

  • EPSS 0.38%
  • Veröffentlicht 31.10.2024 06:15:05
  • Zuletzt bearbeitet 25.11.2024 19:57:41

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() function due to missing validation on...

8.8

CVE-2024-10402

  • EPSS 0.51%
  • Veröffentlicht 26.10.2024 12:15:12
  • Zuletzt bearbeitet 05.02.2025 15:02:16

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for...

4.3

CVE-2024-9351

  • EPSS 0.21%
  • Veröffentlicht 17.10.2024 06:15:03
  • Zuletzt bearbeitet 29.01.2025 16:51:37

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz 'c...

4.3

CVE-2024-9352

  • EPSS 0.21%
  • Veröffentlicht 17.10.2024 06:15:03
  • Zuletzt bearbeitet 29.01.2025 16:55:44

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom ...