CVE-2025-7638 | Forminator Forms Plugin up to 1.45.0 on WordPress order_by sql injection

July 17, 2025 Yanac

A vulnerability was found in Forminator Forms Plugin up to 1.45.0 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation of the argument order_by leads to sql injection.

This vulnerability is uniquely identified as CVE-2025-7638. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More

CVE-2025-5811 | Listly Plugin up to 2.7 on WordPress Init denial of service
CVE-2025-6813 | aapanel WP Toolkit Plugin up to 1.0/1.1 on WordPress auto_login authorization