cleantalk
Vulnerabilities and Security Researches

Forminator – Contact Form, Payment Form & Custom Form Builder, CVE-2024-29777

CVE, Research URL

CVE-2024-29777

Home page URL

Security reports for Forminator – Contact Form, Payment Form & Custom Form Builder

Application

Forminator – Contact Form, Payment Form & Custom Form Builder

Published on
Mar 27, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0.
Affected versions
Min -, max 1.29.1.
Status
vulnerable
Previous vulnerability researches
GSheetConnector for Forminator Forms (CVE-2025-22752) , Jan 17, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-7052) , May 16, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-45625) , Sep 10, 2024
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-7638) , Jul 19, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2024-9351) , Oct 17, 2024
New vulnerability
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7697) , Jul 21, 2025
Subscribe to Comments (CVE-2015-10133) , Jul 21, 2025
Connect to external APIs | Custom endpoints for WP (CVE-2025-54048) , Jul 21, 2025
Front-end Editor (CVE-2012-10019) , Jul 21, 2025
JetFormBuilder — Dynamic Blocks Form Builder (CVE-2025-53990) , Jul 20, 2025