CVE-2024-9352

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in the Forminator WordPress plugin allows unauthenticated attackers to create draft forms by tricking administrators into clicking malicious links. All WordPress sites using Forminator versions up to 1.35.1 are affected. The attack requires social engineering to get an administrator to perform an action.

💻 Affected Systems

Products:
  • Forminator Forms – Contact Form, Payment Form & Custom Form Builder for WordPress
Versions: All versions up to and including 1.35.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable Forminator versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could create malicious forms that collect sensitive user data, redirect to phishing sites, or enable further attacks through form submissions.

🟠 Likely Case

Spam forms created on the site that could damage reputation or create administrative cleanup work.

🟢 If Mitigated

No impact if proper CSRF protections are in place or administrators don't click malicious links.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires social engineering to trick an administrator, but the technical complexity is low once the link is clicked.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.35.2 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3169243/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Forminator plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.35.2+ from WordPress.org and update manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (applies to: all)

Deactivate the Forminator plugin until patched:

wp plugin deactivate forminator

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers
  • Use browser extensions that block CSRF attempts
  • Educate administrators about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Forminator → Version number. If version is 1.35.1 or lower, you are vulnerable.

Check Version:

wp plugin get forminator --field=version

Verify Fix Applied:

After updating, verify Forminator version is 1.35.2 or higher in WordPress plugins list.

📡 Detection & Monitoring

Log Indicators:

  • Unusual form creation events in WordPress logs
  • Multiple draft forms created in short timeframes

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=forminator_create_module without proper referrer headers

SIEM Query:

source="wordpress.log" AND "forminator_create_module" AND NOT referer="*wp-admin*"
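The version check from "How to Verify" and the referer-based indicator from the SIEM query above, implemented as an added example (not part of the advisory or of the Forminator project). The JSON log format, the site host blog.example and the sample log lines are constructed assumptions for the demonstration.

```python
import json
import re
from urllib.parse import urlsplit

FIXED_VERSION = (1, 35, 2)                   # first patched release per the advisory
TARGET_ACTION = "forminator_create_module"   # admin-ajax action named in the indicators

def parse_version(text):
    """Turn '1.35.1' (or '1.35.1-beta') into a tuple of ints so that
    1.35.10 compares greater than 1.35.2 (plain string compare gets this wrong)."""
    nums = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not nums:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in nums.group(0).split("."))

def is_vulnerable(version):
    """True for Forminator versions below 1.35.2, i.e. up to and including 1.35.1."""
    return parse_version(version) < FIXED_VERSION

def flag_csrf_candidates(log_lines, site_host):
    """Return forminator_create_module POSTs whose Referer is absent or comes
    from a host other than the WordPress site itself (the CSRF-shaped pattern).
    Assumes a hypothetical one-JSON-object-per-line log with method, uri,
    action and referer fields."""
    hits = []
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("method") != "POST" or not rec.get("uri", "").endswith("/wp-admin/admin-ajax.php"):
            continue
        if rec.get("action") != TARGET_ACTION:
            continue
        ref_host = urlsplit(rec.get("referer") or "").hostname   # None when the header is missing
        if ref_host != site_host:
            hits.append(rec)
    return hits

# Constructed sample log lines: one legitimate creation, one cross-site, one with
# no Referer, and one unrelated action that must not be flagged.
SAMPLE_LOG = [
    '{"method":"POST","uri":"/wp-admin/admin-ajax.php","action":"forminator_create_module","referer":"https://blog.example/wp-admin/admin.php?page=forminator","user":"admin"}',
    '{"method":"POST","uri":"/wp-admin/admin-ajax.php","action":"forminator_create_module","referer":"https://attacker.invalid/lure.html","user":"admin"}',
    '{"method":"POST","uri":"/wp-admin/admin-ajax.php","action":"forminator_create_module","referer":"","user":"admin"}',
    '{"method":"POST","uri":"/wp-admin/admin-ajax.php","action":"heartbeat","referer":"https://attacker.invalid/","user":"admin"}',
]

if __name__ == "__main__":
    print("1.35.1 vulnerable:", is_vulnerable("1.35.1"))    # True
    print("1.35.10 vulnerable:", is_vulnerable("1.35.10"))  # False
    for rec in flag_csrf_candidates(SAMPLE_LOG, "blog.example"):
        print("suspicious create_module request, referer:", rec["referer"] or "<none>")
```

Feed `is_vulnerable` the output of `wp plugin get forminator --field=version`; a missing Referer is reported too, because a strict Referrer-Policy on the attacker page can strip it.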
