Vulnerabilities > Incsub

DATE CVE VULNERABILITY TITLE RISK
2024-09-09 CVE-2024-45625 Cross-site Scripting vulnerability in Incsub Forminator
Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1.
network
low complexity
incsub CWE-79
6.1
6.1
2024-04-09 CVE-2024-1794 Cross-site Scripting vulnerability in Incsub Forminator
The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g.
network
low complexity
incsub CWE-79
6.1
6.1
2024-04-09 CVE-2024-3053 Cross-site Scripting vulnerability in Incsub Forminator
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping.
network
low complexity
incsub CWE-79
5.4
5.4
2023-11-20 CVE-2023-5119 Cross-site Scripting vulnerability in Incsub Forminator
The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
network
low complexity
incsub CWE-79
4.8
4.8
2023-11-15 CVE-2023-6133 Unrestricted Upload of File with Dangerous Type vulnerability in Incsub Forminator
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0.
network
low complexity
incsub CWE-434
4.9
4.9
2023-07-31 CVE-2023-3134 Unspecified vulnerability in Incsub Forminator
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
network
low complexity
incsub
6.1
6.1
2023-07-12 CVE-2021-4417 Unspecified vulnerability in Incsub Forminator
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4.
network
low complexity
incsub
4.3
4.3
2023-07-04 CVE-2023-2010 Race Condition vulnerability in Incsub Forminator
The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information.
network
high complexity
incsub CWE-362
3.1
3.1
2023-04-10 CVE-2023-1478 Unspecified vulnerability in Incsub Hummingbird
The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module.
network
low complexity
incsub
critical
 9.8
9.8
2023-03-16 CVE-2021-36821 Unspecified vulnerability in Incsub Forminator
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11.
network
low complexity
incsub
6.1
6.1