CVE-2025-5341 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data…
Medium CVSS: 6.4

CVE-2025-5341

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Vendor
Wpmudev
Product
Forminator Forms
CWE
CWE-79
Yayın Tarihi
2025-06-05 12:15:23
Güncelleme
2025-07-10 14:40:42
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-79 Forminator Forms MEDIUM Wpmudev 2025

Referanslar

https://plugins.trac.wordpress.org/browser/forminator/tags/1.44.1/assets/forminator-ui/js/forminator-form.js#L985 https://plugins.trac.wordpress.org/changeset/3306475 https://wordpress.org/plugins/forminator/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/415bfddb-5223-439f-8a08-535f79631ff0?source=cve