Cross-Site Scripting in Forminator Plugin for WordPress by WPMU DEV
CVE-2019-9567

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Forminator
Vendor
CVE Published:
4 March 2019

Summary

The Forminator Contact Form, Poll & Quiz Builder plugin for WordPress prior to version 1.6 is vulnerable to Cross-Site Scripting (XSS) attacks. This occurs through a custom input field in polls that can be exploited by attackers to inject malicious scripts, compromising user sessions and site integrity. Ensuring your WordPress instance is updated is essential to safeguard against potential exploitation.

References

https://lists.openwall.net/full-disclosure/2019/02/05/4
x_refsource_MISC
https://security-consulting.icu/blog/2019/02/wordpress-fo...
x_refsource_MISC
https://wordpress.org/plugins/forminator/#developers
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.