WordPress Plugin Vulnerabilities

Forminator < 1.6 - Authenticated Multiple Vulnerabilities

Description

The Forminator – Contact Form, Payment Form & Custom Form Builder WordPress plugin was affected by an Authenticated Multiple Vulnerabilities security vulnerability.

Affects Plugins

Plugin icon
forminator
Fixed in 1.6

References

CVE
CVE-2019-9567
CVE
CVE-2019-9568
URL
https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection/
URL
https://lists.openwall.net/full-disclosure/2019/02/05/4

Miscellaneous

Original Researcher
Tim Coen
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
617d54dd-a2dc-4949-9225-cdf17273e60a

Timeline

Publicly Published
2019-02-06 (about 7 years ago)
Added
2019-02-06 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2018-11-15
Title
Slideshow Gallery <= 1.6.8 - XSS and SQLi
Published
2016-08-04
Title
WP Database Backup < 4.3.3 - CSRF & XSS
Published
2015-02-04
Title
Pixabay Images <= 2.3 - Multiple Vulnerabilities (RCE, XSS, ...)
Published
2019-12-25
Title
bbPress Login Register Links On Forum Topic Pages < 2.8.5 - CSRF to Stored XSS
Published
2019-09-08
Title
Selio - Real Estate Directory <= 1.1 - SQL Injection & Persistent XSS