Every CVE whose affected-product data names Incsub Forminator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2023-4596 — CVSS 9.8 (critical): The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been…
CVE-2025-6463 — CVSS 8.8 (high): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due…
CVE-2025-6464 — CVSS 7.5 (high): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all…
CVE-2024-7389 — CVSS 7.5 (high): The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via…
CVE-2024-1794 — CVSS 7.2 (high): The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up…
CVE-2024-31077 — CVSS 7.2 (high): Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with…
CVE-2024-29777 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress…
CVE-2021-36821 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows…
CVE-2023-6133 — CVSS 6.6 (medium): The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime…
CVE-2019-9568 — CVSS 6.5 (medium): The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=formina…
CVE-2024-3053 — CVSS 6.4 (medium): The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…
CVE-2023-3134 — CVSS 6.1 (medium): The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use…
CVE-2019-9567 — CVSS 6.1 (medium): The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.
CVE-2024-45625 — CVSS 6.1 (medium): Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script…
CVE-2024-31857 — CVSS 5.4 (medium): Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain…
CVE-2021-4417 — CVSS 5.4 (medium): The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in…
CVE-2024-28890 — CVSS 5.3 (medium): Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a…
CVE-2023-5119 — CVSS 4.8 (medium): The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which…
CVE-2021-24700 — CVSS 4.8 (medium): The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to…
CVE-2023-2010 — CVSS 3.1 (low): The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update…