Forminator Forms – Contact Form, Payment Form & Custom Form Builder

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Forminator Forms – Contact Form, Payment Form & Custom Form Builder

Information

Software Type Plugin
Software Slug forminator (view on wordpress.org)
Software Status Active
Software Author wpmudev
Software Website wpmudev.com
Software Downloads 9,455,852
Software Active Installs 500,000
Software Record Last Updated November 21, 2024

Showing 1-20 of 25 Vulnerabilities

Submit a Vulnerability
Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload
9.8
CVE-2024-28890
Apr 18, 2024
Researcher: hibiki moriyama
Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload
9.8
CVE-2023-4596
Aug 29, 2023
Researcher: mehmet
Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection
9.1
CVE-2024-31077
Apr 18, 2024
Researcher: hibiki moriyama
Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation
7.5
CVE-2024-10402
Oct 25, 2024
Researcher: wesley (wcraft)
Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure
7.5
CVE-2024-7389
Aug 1, 2024
Researcher: Sean Murphy
Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload
7.2
CVE-2024-1794
Mar 29, 2024
Researcher: wesley (wcraft)
Forminator <= 1.14.11 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2021-36821
Jul 14, 2021
Researcher: Jörgson
Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload
6.6
CVE-2023-6133
Nov 14, 2023
Researcher: István Márton
Forminator Plugin <= 1.5.3.1 - SQL Injection
6.5
CVE-2019-9568
Feb 6, 2019
Researcher: Tim Coen
Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode
6.4
CVE-2024-3053
Apr 8, 2024
Researcher: wesley (wcraft)
Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.34.0 - Reflected Cross-Site Scripting
6.1
CVE-2024-45625
Sep 9, 2024
Researcher: Yoshimitsu Kato
Forminator <= 1.15.2 - Reflected Cross-Site Scripting
6.1
CVE-2024-31857
Apr 18, 2024
Researcher: hibiki moriyama
Forminator <= 1.29.0 - Reflected Cross-Site Scripting
6.1
CVE-2024-29777
Mar 25, 2024
Researcher: Rafie Muhammad
Forminator <= 1.24.1 - Reflected Cross-Site Scripting
6.1
CVE-2023-3134
Jul 10, 2023
Researcher: Andreas Damen
Forminator Plugin <= 1.5.4 - Cross-Site Scripting
6.1
CVE-2019-9567
Feb 6, 2019
Researcher: Tim Coen
Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass
5.4
CVE-2021-4417
Mar 1, 2021
Researcher: Jerome Bruandet
Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation
5.3
CVE-2024-9700
Oct 30, 2024
Researcher: Vijaysimha Reddy (vijaysimha)
Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting
5.3
CVE-2023-2010
Jun 12, 2023
Researcher: Amirmohammad vakili
Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting
4.8
CVE-2021-24700
Oct 20, 2021
Researcher: Shivam Rai
Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.27.0 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-5119
Oct 27, 2023
Researcher: Mohamed Azarudheen
Title Status CVE ID CVSS Researchers Date
Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload Patched CVE-2024-28890 9.8 hibiki moriyama April 18, 2024
Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload Patched CVE-2023-4596 9.8 mehmet August 29, 2023
Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection Patched CVE-2024-31077 9.1 hibiki moriyama April 18, 2024
Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation Patched CVE-2024-10402 7.5 wesley (wcraft) October 25, 2024
Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure Patched CVE-2024-7389 7.5 Sean Murphy August 1, 2024
Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload Patched CVE-2024-1794 7.2 wesley (wcraft) March 29, 2024
Forminator <= 1.14.11 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2021-36821 7.2 Jörgson July 14, 2021
Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload Patched CVE-2023-6133 6.6 István Márton November 14, 2023
Forminator Plugin <= 1.5.3.1 - SQL Injection Patched CVE-2019-9568 6.5 Tim Coen February 6, 2019
Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode Patched CVE-2024-3053 6.4 wesley (wcraft) April 8, 2024
Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.34.0 - Reflected Cross-Site Scripting Patched CVE-2024-45625 6.1 Yoshimitsu Kato September 9, 2024
Forminator <= 1.15.2 - Reflected Cross-Site Scripting Patched CVE-2024-31857 6.1 hibiki moriyama April 18, 2024
Forminator <= 1.29.0 - Reflected Cross-Site Scripting Patched CVE-2024-29777 6.1 Rafie Muhammad March 25, 2024
Forminator <= 1.24.1 - Reflected Cross-Site Scripting Patched CVE-2023-3134 6.1 Andreas Damen July 10, 2023
Forminator Plugin <= 1.5.4 - Cross-Site Scripting Patched CVE-2019-9567 6.1 Tim Coen February 6, 2019
Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass Patched CVE-2021-4417 5.4 Jerome Bruandet March 1, 2021
Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation Patched CVE-2024-9700 5.3 Vijaysimha Reddy (vijaysimha) October 30, 2024
Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting Patched CVE-2023-2010 5.3 Amirmohammad vakili June 12, 2023
Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting Patched CVE-2021-24700 4.8 Shivam Rai October 20, 2021
Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.27.0 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2023-5119 4.4 Mohamed Azarudheen October 27, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation