CVE-2025-14782

Name of the Vulnerable Software and Affected Versions Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to and including 1.49.1

Description The Forminator Forms plugin is susceptible to authorization bypass. This occurs because the plugin does not adequately verify user authorization before allowing certain actions. An authenticated attacker with access to the Forminator dashboard can exploit this to export sensitive form submission data, potentially including personally identifiable information, through the listen for csv export function.

Recommendations Versions prior to and including 1.49.1 should be updated.