Medium
CVSS: 6.4
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficie…
Medium
CVSS: 6.4
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanit…
Medium
CVSS: 5.3
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation o…
Medium
CVSS: 6.4
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sa…
Medium
CVSS: 4.8
The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabi…
Medium
CVSS: 6.1
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sani…