Product
incsub forminator
20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-6464
< 1.44.3
The Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection

CVE-2025-6463
< 1.44.3
The Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file delet

CVE-2024-45625
< 1.34.1
Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary

CVE-2024-7389
< 1.29.2
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 v

CVE-2024-31857
< 1.15.4
Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker ma

CVE-2024-31077
< 1.29.3
Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated atta

CVE-2024-28890
< 1.29.0
Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exp

CVE-2024-3053
< 1.29.3
The Forminator - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scriptin

CVE-2024-1794
<= 1.29.1
The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all vers

CVE-2024-29777
< 1.29.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One W

CVE-2023-5119
< 1.27.0
The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, w

CVE-2023-6133
<= 1.27.0
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_al

CVE-2023-4596
<= 1.24.6
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has

CVE-2023-3134
< 1.24.4
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use

CVE-2021-4417
< 1.13.5
The Forminator - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery

CVE-2023-2010
< 1.24.1
The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then

CVE-2021-36821
< 1.14.12
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator a

CVE-2021-24700
< 1.15.4
The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege

CVE-2019-9568
< 1.6
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?pa

CVE-2019-9567
< 1.6
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.