CVE-2026-2002

CVSS v3.1

4.4

Vector

AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Forminator Forms plugin for WordPress versions prior to 1.50.3

Description The Forminator Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the

form name

parameter. Successful exploitation allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the compromised page. The plugin’s permission system, which allows administrators to grant form management access to lower-level users, could broaden the potential impact of this issue.

Recommendations Update the Forminator Forms plugin to version 1.50.3 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-2002

Affected Products

Forminator Forms

CVE-2026-2002

Weakness Enumeration

Related Identifiers

Affected Products

References · 5