VYPR

Forminator

by WordPress

Source repositories

CVEs (31)

  • CVE-2024-9352Oct 17, 2024
    risk 0.00cvss epss 0.00

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form 'create_module'…

  • CVE-2024-45625Sep 9, 2024
    risk 0.00cvss epss 0.00

    Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator.

  • CVE-2024-7389Aug 2, 2024
    risk 0.00cvss epss 0.01

    The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API…

  • CVE-2024-28890Apr 23, 2024
    risk 0.00cvss epss 0.01

    Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a…

  • CVE-2023-5119Nov 20, 2023
    risk 0.00cvss epss 0.00

    The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed…

  • CVE-2023-3134Jul 31, 2023
    risk 0.00cvss epss 0.04

    The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.

  • CVE-2023-2010Jul 4, 2023
    risk 0.00cvss epss 0.00

    The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.

  • CVE-2021-36821Mar 16, 2023
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11.

  • CVE-2021-24700Nov 23, 2021
    risk 0.00cvss epss 0.01

    The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

  • CVE-2019-9568Mar 4, 2019
    risk 0.00cvss epss 0.02

    The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission.

  • CVE-2019-9567Mar 4, 2019
    risk 0.00cvss epss 0.01

    The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.

Page 2 of 2