Forminator Plugin Vulnerability - CVE-2025-5341

New day, new vulnerability.

Today, we're looking at a new vulnerability in the "Forminator Forms – Contact Form, Payment Form & Custom Form Builder" plugin.

The vulnerability was found and reported yesterday (04/06/2025), under CVE-2025-5341.

Luckily for many of us, it has already been patched in version 1.44.2 of the Forminator plugin.

This security issue allows for Cross-Site Scripting if you have registrations enabled on your WP website.

If your website is unpatched and has registrations enabled, an attacker can create a subscriber account (which usually doesn't have any permissions) and use this vulnerability to upload arbitrary scripts to your pages, potentially harming your website, security, and reputation.

Please download the latest version of the Forminator plugin from the official WP repository, or log in to your website and update the Forminator plugin.
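To check where a site stands before and after updating, here is an added example (not part of the original post or the plugin's own tooling) that uses WP-CLI to read the installed Forminator version and the registration setting. It assumes a single-site install, the plugin slug `forminator`, and that any version below 1.44.2 is unpatched; the status names are made up for this example.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2025-5341 via WP-CLI.
FIXED_VERSION="1.44.2"   # patched release named in the post

# True (exit 0) when version $1 sorts strictly before version $2.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify_exposure <installed_version> <users_can_register: 0|1>
# Prints PATCHED, VULNERABLE_EXPOSED or VULNERABLE_REG_CLOSED.
classify_exposure() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "PATCHED"
    elif [ "$2" = "1" ]; then
        # Anyone can self-register a subscriber account: update now.
        echo "VULNERABLE_EXPOSED"
    else
        # Registration is closed, but existing low-privilege accounts
        # remain, so the update is still required.
        echo "VULNERABLE_REG_CLOSED"
    fi
}

# audit_site <wordpress_path>: query a live site through WP-CLI.
audit_site() {
    ver=$(wp --path="$1" plugin get forminator --field=version 2>/dev/null) || {
        echo "NOT_INSTALLED"
        return 0
    }
    reg=$(wp --path="$1" option get users_can_register 2>/dev/null)
    classify_exposure "$ver" "$reg"
}

# Runs only when a WordPress path is passed and WP-CLI is installed,
# e.g.: sh check-forminator.sh /var/www/html
if [ -n "$1" ] && command -v wp >/dev/null 2>&1; then
    audit_site "$1"
fi
```

If the result is anything other than `PATCHED`, running `wp plugin update forminator` installs the latest release from the official repository.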

Need help? Just reach out!
