Log out
Get PRO

Latest

Input validation vulnerability in Forminator Forms – Contact Form, Payment Form & Custom Form Builder 1.42.0

  • Severity: medium-risk
  • Status: Fixed
  • Publication: April 16, 2025

The plugin called Forminator Forms, which is used for creating contact forms, payment forms, and custom forms on WordPress, has a security issue that affects all versions up to 1.42.0. This issue, known as Order Replay, allows attackers to use the same payment information for multiple transactions without being authenticated. The plugin does not properly check the validity of a key controlled by the user, making it possible for attackers to trick administrators into fulfilling each transaction.

Detected in:

Forminator Forms – Contact Form, Payment Form & Custom Form Builder fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.