cleantalk
Vulnerabilities and Security Researches

Forminator – Contact Form, Payment Form & Custom Form Builder, CVE-2023-3134

CVE, Research URL

CVE-2023-3134

Home page URL

Security reports for Forminator – Contact Form, Payment Form & Custom Form Builder

Application

Forminator – Contact Form, Payment Form & Custom Form Builder

Published on
Jul 31, 2023
Research Description
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
Affected versions
Min -, max 1.24.4.
Status
vulnerable
Previous vulnerability researches
GSheetConnector for Forminator Forms (CVE-2025-22752) , Jan 17, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-7052) , May 16, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-45625) , Sep 10, 2024
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-9351) , Oct 17, 2024
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-9352) , Oct 17, 2024
New vulnerability
DIOT SCADA with MQTT (CVE-2025-4216) , Jun 16, 2025
Simple Newsletter Plugin – Noptin (CVE-2025-49871) , Jun 16, 2025
Job Board Manager (CVE-2025-49324) , Jun 16, 2025
Bitly URL Shortener (CVE-2025-30629) , Jun 16, 2025
ACF Onyx Poll (CVE-2025-5841) , Jun 16, 2025