Unknown Forminator vulnerabilities
3 known vulnerabilities affecting unknown/forminator.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2, LOW 1
Vulnerabilities
CVE-2023-5119 [MEDIUM] CVSS 4.8, CWE-79, fixed in 1.27.0, 2023-11-20
The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
cvelistv5, nvd
CVE-2023-3134 [MEDIUM] CVSS 6.1, CWE-79, fixed in 1.24.4, 2023-07-31
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
cvelistv5, nvd
CVE-2023-2010 [LOW] CVSS 3.1, CWE-362, fixed in 1.24.1, 2023-07-04
The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.
cvelistv5, nvd