Incsub Forminator

20 CVEs affecting Incsub Forminator. Latest disclosed: 2025-07-02. Critical: 1, High: 7.

Top CVEs affecting Incsub Forminator
CVESeverityScorePublishedSummary
CVE-2023-4596Critical9.82023-08-30The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server…
CVE-2025-6463High8.82025-07-02The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file…
CVE-2025-6464High7.52025-07-02The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and i…
CVE-2024-7389High7.52024-08-02The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hub…
CVE-2024-31077High7.22024-04-23Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative p…
CVE-2024-1794High7.22024-04-09The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1…
CVE-2024-29777High7.12024-03-27Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator…
CVE-2021-36821High7.12023-03-16Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue a…
CVE-2023-6133Medium6.62023-11-15The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in…
CVE-2019-9568Medium6.52019-03-04The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[]…
CVE-2024-3053Medium6.42024-04-09The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_for…
CVE-2024-45625Medium6.12024-09-09Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on th…
CVE-2023-3134Medium6.12023-07-31The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query paramete…
CVE-2019-9567Medium6.12019-03-04The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.
CVE-2024-31857Medium5.42024-04-23Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc…
CVE-2021-4417Medium5.42023-07-12The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and inclu…
CVE-2024-28890Medium5.32024-04-23Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may…
CVE-2023-5119Medium4.82023-11-20The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privile…
CVE-2021-24700Medium4.82021-11-23The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site…
CVE-2023-2010Low3.12023-07-04The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. Thi…