Wpmu Dev Forminator vulnerabilities

5 known vulnerabilities affecting wpmu_dev/forminator.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-45625MEDIUMCVSS 6.1vprior to 1.34.12024-09-09
CVE-2024-45625 [MEDIUM] CWE-79 CVE-2024-45625: Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerabil Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator.
cvelistv5nvd
CVE-2024-31077HIGHCVSS 7.2vprior to 1.29.32024-04-23
CVE-2024-31077 [HIGH] CWE-89 CVE-2024-31077: Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploite Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition.
cvelistv5nvd
CVE-2024-31857MEDIUMCVSS 5.4vprior to 1.15.42024-04-23
CVE-2024-31857 [MEDIUM] CWE-79 CVE-2024-31857: Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is e Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser.
cvelistv5nvd
CVE-2024-28890MEDIUMCVSS 5.3vprior to 1.29.02024-04-23
CVE-2024-28890 [MEDIUM] CWE-434 CVE-2024-28890: Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.
cvelistv5nvd
CVE-2021-36821MEDIUMCVSS 6.1≥ n/a, ≤ 1.14.112023-03-16
CVE-2021-36821 [MEDIUM] CWE-79 CVE-2021-36821: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11.
cvelistv5nvd