CVE Tools

incsub

Web & CMS Pluginscommercial

5

Cumulative CVEs

1

Monthly snapshots

#169

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting incsub.

CVE-2025-6464Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion7.5Jul 2, 2025
CVE-2025-6463Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion8.8Jul 2, 2025
CVE-2024-43118WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability4.3Nov 1, 2024
CVE-2024-45625Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows ...6.1Sep 9, 2024
CVE-2024-7389Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure7.5Aug 2, 2024
CVE-2024-32792WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability4.3Jun 9, 2024
CVE-2024-28890Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by acces...5.3Apr 23, 2024
CVE-2024-31077Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any info...7.2Apr 23, 2024
CVE-2024-31857Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the u...5.4Apr 23, 2024
CVE-2024-1794Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload7.2Apr 9, 2024
CVE-2024-3053Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode6.4Apr 9, 2024
CVE-2024-29777WordPress Forminator plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability7.1Mar 27, 2024
CVE-2023-5119Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting4.8Nov 20, 2023
CVE-2023-6133Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload6.6Nov 15, 2023
CVE-2023-4596Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload9.8Aug 30, 2023