Incsub Forminator
20 CVEs affecting Incsub Forminator. Latest disclosed: 2025-07-02. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-4596 | Critical | 9.8 | 2023-08-30 | The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server… |
| CVE-2025-6463 | High | 8.8 | 2025-07-02 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file… |
| CVE-2025-6464 | High | 7.5 | 2025-07-02 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and i… |
| CVE-2024-7389 | High | 7.5 | 2024-08-02 | The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hub… |
| CVE-2024-31077 | High | 7.2 | 2024-04-23 | Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative p… |
| CVE-2024-1794 | High | 7.2 | 2024-04-09 | The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1… |
| CVE-2024-29777 | High | 7.1 | 2024-03-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator… |
| CVE-2021-36821 | High | 7.1 | 2023-03-16 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS. This issue a… |
| CVE-2023-6133 | Medium | 6.6 | 2023-11-15 | The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in… |
| CVE-2019-9568 | Medium | 6.5 | 2019-03-04 | The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[]… |
| CVE-2024-3053 | Medium | 6.4 | 2024-04-09 | The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_for… |
| CVE-2024-45625 | Medium | 6.1 | 2024-09-09 | Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on th… |
| CVE-2023-3134 | Medium | 6.1 | 2023-07-31 | The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query paramete… |
| CVE-2019-9567 | Medium | 6.1 | 2019-03-04 | The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. |
| CVE-2024-31857 | Medium | 5.4 | 2024-04-23 | Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc… |
| CVE-2021-4417 | Medium | 5.4 | 2023-07-12 | The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and inclu… |
| CVE-2024-28890 | Medium | 5.3 | 2024-04-23 | Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may… |
| CVE-2023-5119 | Medium | 4.8 | 2023-11-20 | The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privile… |
| CVE-2021-24700 | Medium | 4.8 | 2021-11-23 | The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site… |
| CVE-2023-2010 | Low | 3.1 | 2023-07-04 | The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. Thi… |