cleantalk
Vulnerabilities and Security Researches

Forminator – Contact Form, Payment Form & Custom Form Builder, CVE-2026-32409

CVE, Research URL

CVE-2026-32409

Home page URL

Security reports for Forminator – Contact Form, Payment Form & Custom Form Builder

Application

Forminator – Contact Form, Payment Form & Custom Form Builder

Published on
Mar 14, 2026
Research Description
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2.
Affected versions
max 1.50.2.
Status
vulnerable
Previous vulnerability researches
GSheetConnector for Forminator Forms (CVE-2025-22752) , Jan 17, 2025
Forminator &#8211; Contact Form, Payment Form &amp; Custom Form Builder (CVE-2026-2002) , Apr 14, 2026
Forminator &#8211; Contact Form, Payment Form &amp; Custom Form Builder (CVE-2024-7052) , May 16, 2025
Forminator &#8211; Contact Form, Payment Form &amp; Custom Form Builder (CVE-2024-45625) , Sep 10, 2024
Forminator &#8211; Contact Form, Payment Form &amp; Custom Form Builder (CVE-2025-7638) , Jul 19, 2025
New vulnerability
User Registration &#8211; Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2026-3601) , May 05, 2026
Event Tickets and Registration (CVE-2026-42662) , May 05, 2026
Forminator &#8211; Contact Form, Payment Form &amp; Custom Form Builder (CVE-2026-2729) , May 05, 2026
Forminator &#8211; Contact Form, Payment Form &amp; Custom Form Builder (CVE-2026-5192) , May 05, 2026
ElementsKit Elementor addons (CVE-2026-4362) , May 05, 2026