Wpmudev Forminator Forms — known CVE vulnerabilities
Every CVE whose affected-product data names Wpmudev Forminator Forms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2024-10402 — CVSS 7.5 (high): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to…
CVE-2025-5341 — CVSS 6.4 (medium): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
CVE-2025-0469 — CVSS 6.4 (medium): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
CVE-2025-3487 — CVSS 6.4 (medium): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
CVE-2025-0470 — CVSS 6.1 (medium): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site…
CVE-2024-9700 — CVSS 5.3 (medium): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object…
CVE-2025-3479 — CVSS 5.3 (medium): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all…
CVE-2024-7052 — CVSS 4.8 (medium): The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-9351 — CVSS 4.3 (medium): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery…
CVE-2024-9352 — CVSS 4.3 (medium): The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery…