Vulnerabilities > Incsub > Forminator > 1.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-23 | CVE-2021-24700 | Unspecified vulnerability in Incsub Forminator The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 4.8 |
| 2019-03-04 | CVE-2019-9568 | SQL Injection vulnerability in Incsub Forminator The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. | 6.5 |
| 2019-03-04 | CVE-2019-9567 | Cross-site Scripting vulnerability in Incsub Forminator The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | 6.1 |