Wpmudev Forminator_forms

10 CVEs affecting Wpmudev Forminator_forms. Latest disclosed: 2025-06-05. Critical: 0, High: 1.

Top CVEs affecting Wpmudev Forminator_forms
CVESeverityScorePublishedSummary
CVE-2024-10402High7.52024-10-26The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability c…
CVE-2025-5341Medium6.42025-06-05The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'dat…
CVE-2025-3487Medium6.42025-04-17The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ param…
CVE-2025-0469Medium6.42025-02-27The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider templa…
CVE-2025-0470Medium6.12025-01-31The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title para…
CVE-2025-3479Medium5.32025-04-17The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including…
CVE-2024-9700Medium5.32024-10-31The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions…
CVE-2024-7052Medium4.82025-02-14The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to…
CVE-2024-9352Medium4.32024-10-17The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to…
CVE-2024-9351Medium4.32024-10-17The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to…