CVE Tools

wpmudev

Web & CMS Pluginscommercial

10

Cumulative CVEs

2

Monthly snapshots

#164

Peak rank

Top products

hustle – email marketing, lead generation, optins, popups2 branda – white label & branding, free login page customizer1 defender security1

Latest CVEs

The 15 most recently published vulnerabilities affecting wpmudev.

CVE-2026-11551Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover9.8Jun 19, 2026
CVE-2026-6214Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook6.5May 7, 2026
CVE-2026-6222Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter5.3May 7, 2026
CVE-2026-5192Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'7.5May 5, 2026
CVE-2026-2729Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter5.3May 5, 2026
CVE-2026-2263Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation5.3Apr 7, 2026
CVE-2026-2002Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting4.4Feb 17, 2026
CVE-2026-0911Hustle <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upoload via Module Import7.5Jan 24, 2026
CVE-2025-14782Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export5.3Jan 9, 2026
CVE-2025-14998Branda – White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover9.8Jan 2, 2026
CVE-2025-14437Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File7.5Dec 18, 2025
CVE-2017-20206Appointments <= 2.2.1 - Unauthenticated PHP Object Injection9.8Oct 18, 2025
CVE-2025-11163SmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings Update4.3Sep 30, 2025
CVE-2025-7638Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter4.9Jul 18, 2025
CVE-2025-6464Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion7.5Jul 2, 2025