Vulnerabilities > Wpmudev

DATE CVE VULNERABILITY TITLE RISK
2025-04-17 CVE-2025-3479 Improper Validation of Integrity Check Value vulnerability in Wpmudev Forminator Forms
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user controlled key.
network
low complexity
wpmudev CWE-354
5.3
2025-04-17 CVE-2025-3487 Cross-site Scripting vulnerability in Wpmudev Forminator Forms
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping.
network
low complexity
wpmudev CWE-79
5.4
2025-02-27 CVE-2025-0469 Cross-site Scripting vulnerability in Wpmudev Forminator Forms
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization and output escaping.
network
low complexity
wpmudev CWE-79
5.4
2025-01-31 CVE-2025-0470 Cross-site Scripting vulnerability in Wpmudev Forminator Forms
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and output escaping.
network
low complexity
wpmudev CWE-79
6.1
2024-10-26 CVE-2024-10402 Unspecified vulnerability in Wpmudev Forminator Forms
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1.
network
low complexity
wpmudev
8.8
2024-10-17 CVE-2024-9351 Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Forminator Forms
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1.
network
low complexity
wpmudev CWE-352
4.3
2024-10-17 CVE-2024-9352 Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Forminator Forms
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1.
network
low complexity
wpmudev CWE-352
4.3
2024-08-26 CVE-2024-43117 Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Hummingbird
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1.
network
low complexity
wpmudev CWE-352
8.8
2024-07-22 CVE-2024-37239 Cross-site Scripting vulnerability in Wpmudev Branda
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS.This issue affects Branda: from n/a through 3.4.17.
network
low complexity
wpmudev CWE-79
4.8
2024-06-21 CVE-2024-5191 Cross-site Scripting vulnerability in Wpmudev Branda
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping.
network
low complexity
wpmudev CWE-79
5.4