Vulnerabilities > Wpmudev > Forminator Forms > 1.6.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-17 | CVE-2025-3479 | Improper Validation of Integrity Check Value vulnerability in Wpmudev Forminator Forms The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user controlled key. | 5.3 |
2025-04-17 | CVE-2025-3487 | Cross-site Scripting vulnerability in Wpmudev Forminator Forms The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping. | 5.4 |
2025-02-27 | CVE-2025-0469 | Cross-site Scripting vulnerability in Wpmudev Forminator Forms The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization and output escaping. | 5.4 |
2025-01-31 | CVE-2025-0470 | Cross-site Scripting vulnerability in Wpmudev Forminator Forms The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-10-26 | CVE-2024-10402 | Unspecified vulnerability in Wpmudev Forminator Forms The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. | 8.8 |
2024-10-17 | CVE-2024-9351 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Forminator Forms The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. | 4.3 |
2024-10-17 | CVE-2024-9352 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmudev Forminator Forms The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. | 4.3 |