Unauthenticated Cross Site Scripting Vulnerability in Forminator Plugin by WordPress
CVE-2026-56071
7.1HIGH
What is CVE-2026-56071?
The Forminator plugin for WordPress is affected by an unauthenticated Cross Site Scripting (XSS) vulnerability that impacts versions up to 1.53.1. This issue allows attackers to inject malicious scripts into the web pages viewed by users, potentially leading to compromise of user sessions, redirection to malicious sites, or unauthorized actions performed in the context of the logged-in user.
Affected Version(s)
Forminator <= 1.53.1