
Forminator Forms – Contact Form, Payment Form & Custom Form Builder — Vulnerabilities & Security Advisories (20)

All 20 CVE vulnerabilities found in Forminator Forms – Contact Form, Payment Form & Custom Form Builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: wpmudev

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2002 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | CWE-79 | 4.4 | Medium | 2026-02-17 |
| CVE-2025-14782 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export | CWE-862 | 5.3 | Medium | 2026-01-09 |
| CVE-2025-7638 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter | CWE-89 | 4.9 | Medium | 2025-07-18 |
| CVE-2025-6464 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion | CWE-502 | 7.5 | High | 2025-07-02 |
| CVE-2025-6463 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion | CWE-73 | 8.8 | High | 2025-07-02 |
| CVE-2025-5341 | Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters | CWE-79 | 6.4 | Medium | 2025-06-05 |
| CVE-2025-3487 | Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit' | CWE-79 | 6.4 | Medium | 2025-04-17 |
| CVE-2025-3479 | Forminator <= 1.42.0 - Order Replay Vulnerability | CWE-354 | 5.3 | Medium | 2025-04-17 |
| CVE-2025-0469 | Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2025-02-27 |
| CVE-2025-0470 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter | CWE-79 | 6.1 | Medium | 2025-01-31 |
| CVE-2024-9700 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation | CWE-639 | 5.3 | Medium | 2024-10-31 |
| CVE-2024-10402 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation | CWE-862 | 7.5 | High | 2024-10-26 |
| CVE-2024-9351 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation | CWE-352 | 4.3 | Medium | 2024-10-17 |
| CVE-2024-9352 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation | CWE-352 | 4.3 | Medium | 2024-10-17 |
| CVE-2024-7389 | Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure | CWE-522 | 7.5 | High | 2024-08-02 |
| CVE-2024-1794 | Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload | CWE-79 | 7.2 | High | 2024-04-09 |
| CVE-2024-3053 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2023-6133 | Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload | CWE-434 | 6.6 | Medium | 2023-11-15 |
| CVE-2023-4596 | Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload | CWE-434 | 9.8 | Critical | 2023-08-30 |
| CVE-2021-4417 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass | CWE-352 | 5.4 | Medium | 2023-07-12 |
