Forminator – Contact Form, Payment Form & Custom Form Builder, CVE-2024-7052
- CVE, Research URL
- Home page URL
-
Security reports for Forminator – Contact Form, Payment Form & Custom Form Builder
- Published on
- Feb 14, 2025
- Research Description
- The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
- Affected versions
-
Min -, max 1.38.3.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| Emails Blacklist for Everest Forms (4e0b8221f9787e16f8849dff3026eadc73126b28) , Jun 07, 2024 |