Stored Cross-Site Scripting Vulnerability in Forminator Forms Plugin for WordPress
CVE-2025-5341
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 5 June 2025
What is CVE-2025-5341?
The Forminator Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping mechanisms. This vulnerability affects all versions up to and including 1.44.1. Authenticated attackers with Contributor-level access or higher can exploit this flaw via the 'id' and 'data-size' parameters, enabling them to inject arbitrary web scripts into pages. Such scripts execute automatically whenever a user accesses the compromised page, creating significant risks for users and website integrity.
Affected Version(s)
Forminator Forms – Contact Form, Payment Form & Custom Form Builder * <= 1.44.1