cleantalk
Vulnerabilities and Security Researches

Forminator – Contact Form, Payment Form & Custom Form Builder, CVE-2021-36821

CVE, Research URL

CVE-2021-36821

Home page URL

Security reports for Forminator – Contact Form, Payment Form & Custom Form Builder

Application

Forminator – Contact Form, Payment Form & Custom Form Builder

Published on
Mar 16, 2023
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11.
Affected versions
Min -, max 1.23.3.
Status
vulnerable
Previous vulnerability researches
GSheetConnector for Forminator Forms (CVE-2025-22752) , Jan 17, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-7052) , May 16, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-45625) , Sep 10, 2024
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-9351) , Oct 17, 2024
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-9352) , Oct 17, 2024
New vulnerability
Mobile Contact Bar (CVE-2024-12739) , May 17, 2025
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder (CVE-2024-10504) , May 17, 2025
Front End Users (CVE-2025-47580) , May 17, 2025
ApplyOnline – Application Form Builder and Manager (CVE-2024-10098) , May 17, 2025
Jetpack – WP Security, Backup, Speed, & Growth (CVE-2024-10076) , May 17, 2025