CVE-2024-7052

Medium CVSS: 4.8

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Vendor

Wpmudev

Product

Forminator Forms

CWE

CWE-79

Yayın Tarihi

2025-02-14 06:15:20

Güncelleme

2025-05-14 20:38:54

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Forminator Forms MEDIUM Wpmudev 2025

Referanslar

https://wpscan.com/vulnerability/4e52cab5-821c-4ca8-9024-67f716cf78fe/

Benzer Kayıtlar

Critical

CVE-2017-20206

The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via…

Medium

CVE-2025-5341

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cro…

Medium

CVE-2024-8492

The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high pri…

Medium

CVE-2025-3479

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Repl…

Medium

CVE-2025-3487

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cro…

Medium

CVE-2025-0469

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cro…