Vulnerabilities in wpmudev

44 results

CVE-2026-6214MEDIUMForminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded HookEPSS 0.4%CVE-2026-6222MEDIUMForminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' ParameterEPSS 0.4%CVE-2024-10579MEDIUMHustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unpublished Form ExposureEPSS 0.4%CVE-2024-6556MEDIUMSmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path DisclosureEPSS 0.4%CVE-2024-9700MEDIUMForminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission ManipulationEPSS 0.4%CVE-2024-10580MEDIUMHustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form SubmissionEPSS 0.4%CVE-2026-2263MEDIUMHustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data ManipulationEPSS 0.4%CVE-2026-2729MEDIUMForminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' ParameterEPSS 0.4%CVE-2021-4417MEDIUMForminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery BypassEPSS 0.4%CVE-2024-3053MEDIUMForminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form ShortcodeEPSS 0.4%CVE-2024-5191MEDIUMBranda – White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG UploadEPSS 0.3%CVE-2023-3352MEDIUMSmush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List DeletionEPSS 0.3%CVE-2025-0470MEDIUMForminator <= 1.38.2 - Reflected Cross-Site Scripting via Title ParameterEPSS 0.3%CVE-2025-7638MEDIUMForminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` ParameterEPSS 0.3%CVE-2025-14782MEDIUMForminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV ExportEPSS 0.3%CVE-2025-5341MEDIUMForminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size ParametersEPSS 0.2%CVE-2025-3487MEDIUMForminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit'EPSS 0.2%CVE-2025-4047MEDIUMBroken Link Checker <= 2.4.4 - Missing Autorization to Authenticated (Subscriber+) Plugin Status Dashboard ViewEPSS 0.2%CVE-2025-0469MEDIUMForminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2025-11163MEDIUMSmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings UpdateEPSS 0.2%

← previouspage 2 / 3next →