Vulnerabilities > Incsub > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-09 | CVE-2024-45625 | Cross-site Scripting vulnerability in Incsub Forminator Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. | 6.1 |
| 2024-04-09 | CVE-2024-1794 | Cross-site Scripting vulnerability in Incsub Forminator The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. | 6.1 |
| 2024-04-09 | CVE-2024-3053 | Cross-site Scripting vulnerability in Incsub Forminator The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-27 | CVE-2024-29777 | Unspecified vulnerability in Incsub Forminator Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0. | 6.1 |
| 2023-11-20 | CVE-2023-5119 | Cross-site Scripting vulnerability in Incsub Forminator The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 4.8 |
| 2023-11-15 | CVE-2023-6133 | Unrestricted Upload of File with Dangerous Type vulnerability in Incsub Forminator The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. | 4.9 |
| 2023-07-31 | CVE-2023-3134 | Unspecified vulnerability in Incsub Forminator The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. | 6.1 |
| 2023-07-12 | CVE-2021-4417 | Unspecified vulnerability in Incsub Forminator The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. | 4.3 |
| 2023-03-16 | CVE-2021-36821 | Unspecified vulnerability in Incsub Forminator Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11. | 6.1 |
| 2022-04-18 | CVE-2022-0994 | Unspecified vulnerability in Incsub Hummingbird The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |