PT-2026-52436 · WordPress · Forminator
Published: 2026-06-25 · Updated: 2026-06-25 · CVE-2026-56071
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Forminator versions prior to 1.53.2
Description
An unauthenticated cross-site scripting (XSS) flaw exists due to improper input validation and output encoding of user-supplied data. This allows a remote attacker to inject malicious scripts into pages where plugin output is rendered by submitting crafted payloads to exposed forms or endpoints without requiring an account. Successful exploitation can result in session hijacking, admin action forgery, and data theft.
Recommendations
Update to version 1.53.2.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Forminator