cleantalk
Vulnerabilities and Security Researches

Forminator – Contact Form, Payment Form & Custom Form Builder, CVE-2023-3134

CVE, Research URL

CVE-2023-3134

Home page URL

Security reports for Forminator – Contact Form, Payment Form & Custom Form Builder

Application

Forminator – Contact Form, Payment Form & Custom Form Builder

Published on
Jul 31, 2023
Research Description
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
Affected versions
Min -, max 1.24.4.
Status
vulnerable
Previous vulnerability researches
GSheetConnector for Forminator Forms (CVE-2025-22752) , Jan 17, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-45625) , Sep 10, 2024
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-9351) , Oct 17, 2024
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-9352) , Oct 17, 2024
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-9700) , Oct 31, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025