| CVE-2025-14901 | Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 6.5 | 2026-01-07 06:35:58 | Deep Dive |
| CVE-2025-12761 | Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116 | Drupal | Simple multi step form | - | - | 2025-11-18 16:56:14 | Deep Dive |
| CVE-2025-10732 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 4.3 | 2025-10-14 05:24:58 | Deep Dive |
| CVE-2025-10489 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 4.3 | 2025-09-20 04:27:55 | Deep Dive |
| CVE-2025-9515 | Multi Step Form <= 1.7.25 - Authenticated (Admin+) Arbitrary File Upload | mondula2016 | Multi Step Form | High | 7.2 | 2025-09-06 02:24:18 | Deep Dive |
| CVE-2025-6679 | Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Critical | 9.8 | 2025-08-15 06:40:43 | Deep Dive |
| CVE-2024-13451 | Contact Form by Bit Form <= 2.17.5 - Unauthenticated Sensitive Information Exposure | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 5.3 | 2025-07-02 05:29:18 | Deep Dive |
| CVE-2025-2580 | Contact Form by Bit Form <= 2.18.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 4.9 | 2025-04-25 05:25:06 | Deep Dive |
| CVE-2024-13450 | Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Low | 3.8 | 2025-01-25 08:23:16 | Deep Dive |
| CVE-2024-12427 | Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload | mondula2016 | Multi Step Form | Medium | 5.3 | 2025-01-16 09:39:16 | Deep Dive |
| CVE-2024-11826 | Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | mdmag | Quill Forms | Conversational Multi Step Forms, Surveys & quizzes | Medium | 6.4 | 2025-01-07 11:11:12 | Deep Dive |
| CVE-2024-12190 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 4.3 | 2024-12-25 03:21:32 | Deep Dive |
| CVE-2024-10587 | Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | High | 8.8 | 2024-12-04 02:40:25 | Deep Dive |
| CVE-2024-50428 | WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability | mondula2016 | Multi Step Form | Medium | 4.3 | 2024-10-29 21:10:54 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-47331 | WordPress Multi Step for Contact Form plugin <= 2.7.7 - Unauthenticated SQL Injection vulnerability | Ninja Team | Multi Step for Contact Form | Critical | 9.3 | 2024-10-11 18:20:06 | Deep Dive |
| CVE-2024-9507 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 4.9 | 2024-10-11 07:37:46 | Deep Dive |
| CVE-2024-5857 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 5.3 | 2024-08-29 03:30:45 | Deep Dive |
| CVE-2024-7447 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 5.3 | 2024-08-28 11:31:25 | Deep Dive |
| CVE-2024-6311 | Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | High | 7.2 | 2024-08-28 06:43:31 | Deep Dive |