PatchSiren

WPMU DEV - Your All-in-One WordPress Platform CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH WPMU DEV - Your All-in-One WordPress Platform CVE published 2026-07-13

CVE-2026-57815

A Path Traversal vulnerability was discovered in the Forminator plugin, affecting versions up to and including 1.55.0.2. This issue allows attackers to download arbitrary files, potentially leading to sensitive information disclosure. The vulnerability has a CVSS score of 7.5 and is considered high severity. Administrators and users of WordPress sites utilizing the Forminator plugin should be aware of thi [truncated]

HIGH WPMU DEV - Your All-in-One WordPress Platform CVE published 2026-07-13

CVE-2026-57814

CVE-2026-57814 is a HIGH severity vulnerability in the Forminator plugin for WordPress, allowing DOM-Based XSS attacks. The issue affects Forminator versions from n/a through <= 1.55.0.1. This type of vulnerability can lead to unauthorized JavaScript execution in the context of a user's browser, potentially resulting in account takeovers, data theft, or other malicious activities. WordPress site administr [truncated]