Forminator – Contact Form, Payment Form & Custom Form Builder

Software Type	Plugin
Software Slug	forminator (view on wordpress.org)
Software Status	Active
Software Author	wpmudev
Software Website	wpmudev.com
Software Downloads	7,019,457
Software Active Installs	500,000
Software Record Last Updated	May 14, 2024

19 Vulnerabilities

Forminator Plugin <= 1.5.4 - Cross-Site Scripting

6.1

CVE-2019-9567

Feb 6, 2019

Researcher: Tim Coen

Forminator Plugin <= 1.5.3.1 - SQL Injection

6.5

CVE-2019-9568

Feb 6, 2019

Researcher: Tim Coen

Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass

5.4

CVE-2021-4417

Mar 1, 2021

Researcher: Jerome Bruandet

Forminator <= 1.14.11 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2021-36821

Jul 14, 2021

Researcher: Jörgson

Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting

4.8

CVE-2021-24700

Oct 20, 2021

Researcher: Shivam Rai

Forminator <= 1.22.1 - Missing Authorization on 'hubspot_support_request' AJAX function

4.3

CVE ID Unknown

Apr 12, 2023

Researchers:

Forminator <= 1.22.1 - Missing Authorization on 'load_recaptcha_preview' AJAX function

4.3

CVE ID Unknown

Apr 12, 2023

Researchers:

Forminator <= 1.22.1 - Missing Authorization on 'load_hcaptcha_preview' AJAX function

4.3

CVE ID Unknown

Apr 12, 2023

Researchers:

Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting

5.3

CVE-2023-2010

Jun 12, 2023

Researcher: Amirmohammad vakili

Forminator <= 1.24.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-3134

Jul 10, 2023

Researcher: Andreas Damen

Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-4596

Aug 29, 2023

Researcher: mehmet

Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.27.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-5119

Oct 27, 2023

Researcher: Mohamed Azarudheen

Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload

6.6

CVE-2023-6133

Nov 14, 2023

Researcher: István Márton

Forminator <= 1.29.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-29777

Mar 25, 2024

Researcher: Rafie Muhammad

Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload

7.2

CVE-2024-1794

Mar 29, 2024

Researcher: wesley (wcraft)

Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode

6.4

CVE-2024-3053

Apr 8, 2024

Researcher: wesley (wcraft)

Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection

9.1

CVE-2024-31077

Apr 18, 2024

Researcher: hibiki moriyama

Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-28890

Apr 18, 2024

Researcher: hibiki moriyama

Forminator <= 1.15.2 - Reflected Cross-Site Scripting

6.1

CVE-2024-31857

Apr 18, 2024

Researcher: hibiki moriyama

Title	Status	CVE ID	CVSS	Researchers	Date
Forminator Plugin <= 1.5.4 - Cross-Site Scripting	Patched	CVE-2019-9567	6.1	Tim Coen	February 6, 2019
Forminator Plugin <= 1.5.3.1 - SQL Injection	Patched	CVE-2019-9568	6.5	Tim Coen	February 6, 2019
Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass	Patched	CVE-2021-4417	5.4	Jerome Bruandet	March 1, 2021
Forminator <= 1.14.11 - Unauthenticated Stored Cross-Site Scripting	Patched	CVE-2021-36821	7.2	Jörgson	July 14, 2021
Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting	Patched	CVE-2021-24700	4.8	Shivam Rai	October 20, 2021
Forminator <= 1.22.1 - Missing Authorization on 'hubspot_support_request' AJAX function	Patched		4.3		April 12, 2023
Forminator <= 1.22.1 - Missing Authorization on 'load_recaptcha_preview' AJAX function	Patched		4.3		April 12, 2023
Forminator <= 1.22.1 - Missing Authorization on 'load_hcaptcha_preview' AJAX function	Patched		4.3		April 12, 2023
Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting	Patched	CVE-2023-2010	5.3	Amirmohammad vakili	June 12, 2023
Forminator <= 1.24.1 - Reflected Cross-Site Scripting	Patched	CVE-2023-3134	6.1	Andreas Damen	July 10, 2023
Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload	Patched	CVE-2023-4596	9.8	mehmet	August 29, 2023
Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.27.0 - Authenticated (Admin+) Stored Cross-Site Scripting	Patched	CVE-2023-5119	4.4	Mohamed Azarudheen	October 27, 2023
Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload	Patched	CVE-2023-6133	6.6	István Márton	November 14, 2023
Forminator <= 1.29.0 - Reflected Cross-Site Scripting	Patched	CVE-2024-29777	6.1	Rafie Muhammad	March 25, 2024
Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload	Patched	CVE-2024-1794	7.2	wesley (wcraft)	March 29, 2024
Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode	Patched	CVE-2024-3053	6.4	wesley (wcraft)	April 8, 2024
Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection	Patched	CVE-2024-31077	9.1	hibiki moriyama	April 18, 2024
Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload	Patched	CVE-2024-28890	9.8	hibiki moriyama	April 18, 2024
Forminator <= 1.15.2 - Reflected Cross-Site Scripting	Patched	CVE-2024-31857	6.1	hibiki moriyama	April 18, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Forminator – Contact Form, Payment Form & Custom Form Builder

Information

19 Vulnerabilities