Security Advisory

WordPress Forminator plugin security update advisory

  • Apr 23 2024

Overview

 

We have released a security update to address a vulnerability in the Forminator plugin for WordPress. users of affected products are advised to update to the latest version.

* Forminator plugin: contact form, payment form, and custom WordPress form builder

 

Affected Products

 

CVE-2024-28890

  • pgAdmin prior to 4 1.29.0

 

CVE-2024-31077

  • pgAdmin prior to 4 1.29.3 

 

CVE-2024-31857

  • pgAdmin prior to 4 1.15.4 

 

Resolved Vulnerabilities

 

file Upload Vulnerability in Forminator in WordPress (CVE-2024-28890) [1]

sQL Injection Vulnerability in Forminator in WordPress (CVE-2024-31077) [1]

xSS Vulnerability in Forminator in WordPress (CVE-2024-31857) [1]

 

Vulnerability Patches

 

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

PgAdmin 4 1.29.3 version 

 

Referenced Sites

 

[1] https://jvn.jp/en/jp/JVN50132400/

[2] https://wordpress.org/plugins/forminator/

Tags:

Previous Post

Next Post