Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 36 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-32409 WordPress Forminator plugin <= 1.50.2 - Broken Access Control vulnerability WPMU DEV - Your All-in-One WordPress PlatformForminator 中危 -2026-03-13 11:42:14 Deep Dive
CVE-2025-12845 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0.5.4 - 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation essekiaTablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent High 8.8 2026-02-19 03:25:18 Deep Dive
CVE-2026-2002 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 4.4 2026-02-17 04:35:45 Deep Dive
CVE-2025-14782 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 5.3 2026-01-09 06:34:53 Deep Dive
CVE-2025-11499 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload essekiaTablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent Critical 9.8 2025-11-01 06:40:37 Deep Dive
CVE-2025-7638 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 4.9 2025-07-18 04:23:02 Deep Dive
CVE-2025-6464 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder High 7.5 2025-07-02 05:29:17 Deep Dive
CVE-2025-6463 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder High 8.8 2025-07-02 04:24:56 Deep Dive
CVE-2025-5341 Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 6.4 2025-06-05 11:15:06 Deep Dive
CVE-2025-3487 Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit' wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 6.4 2025-04-17 11:13:06 Deep Dive
CVE-2025-3479 Forminator <= 1.42.0 - Order Replay Vulnerability wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 5.3 2025-04-17 11:13:06 Deep Dive
CVE-2025-0469 Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 6.4 2025-02-27 04:21:44 Deep Dive
CVE-2024-7052 Forminator < 1.38.3 - Admin+ Stored XSS UnknownForminator Forms 中危 -2025-02-14 06:00:10 Deep Dive
CVE-2025-0470 Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 6.1 2025-01-31 03:21:29 Deep Dive
CVE-2025-22752 WordPress GSheetConnector for Forminator Forms Plugin <= 1.0.12 - Reflected Cross Site Scripting (XSS) vulnerability WesternDealGSheetConnector for Forminator Forms High 7.1 2025-01-15 15:23:28 Deep Dive
CVE-2024-9700 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 5.3 2024-10-31 05:31:24 Deep Dive
CVE-2024-10402 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder High 7.5 2024-10-26 11:38:03 Deep Dive
CVE-2024-9351 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 4.3 2024-10-17 05:33:09 Deep Dive
CVE-2024-9352 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation wpmudevForminator Forms – Contact Form, Payment Form & Custom Form Builder Medium 4.3 2024-10-17 05:33:09 Deep Dive
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks dashlabsltdYASR – Yet Another Star Rating Plugin for WordPress Medium 6.3 2024-10-16 06:43:30 Deep Dive