| CVE-2026-40764 | WordPress Contact Form by WPForms plugin <= 1.10.0.2 - Cross Site Request Forgery (CSRF) vulnerability | Syed Balkhi | Contact Form by WPForms | 中危 | - | 2026-04-15 10:21:35 | Deep Dive |
| CVE-2026-3831 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Medium | 4.3 | 2026-04-01 01:24:21 | Deep Dive |
| CVE-2026-32527 | WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability | CRM Perks | WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | 中危 | - | 2026-03-25 16:15:09 | Deep Dive |
| CVE-2026-25430 | WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability | CRM Perks | Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 6.5 | 2026-03-25 16:14:49 | Deep Dive |
| CVE-2026-25339 | WordPress Contact Form by WPForms plugin <= 1.9.8.7 - Sensitive Data Exposure vulnerability | Syed Balkhi | Contact Form by WPForms | 中危 | - | 2026-03-25 16:14:42 | Deep Dive |
| CVE-2026-32446 | WordPress Contact Form by WPForms plugin <= 1.9.9.3 - Broken Access Control vulnerability | Syed Balkhi | Contact Form by WPForms | 中危 | - | 2026-03-13 11:42:21 | Deep Dive |
| CVE-2026-2599 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Critical | 9.8 | 2026-03-05 12:26:06 | Deep Dive |
| CVE-2026-2568 | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting | crmperks | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | High | 7.2 | 2026-03-03 09:24:12 | Deep Dive |
| CVE-2025-68534 | WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability | add-ons.org | PDF for WPForms | Medium | 6.5 | 2026-02-20 15:46:39 | Deep Dive |
| CVE-2025-67979 | WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability | WesternDeal | WPForms Google Sheet Connector | - | - | 2026-02-20 15:46:31 | Deep Dive |
| CVE-2025-12845 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0.5.4 - 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation | essekia | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | High | 8.8 | 2026-02-19 03:25:18 | Deep Dive |
| CVE-2026-0825 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Medium | 5.3 | 2026-01-28 06:43:43 | Deep Dive |
| CVE-2020-36919 | WPForms 1.7.8 - Cross-Site Scripting (XSS) | Syed Balkhi | WPForms | Medium | 6.1 | 2026-01-13 22:55:56 | Deep Dive |
| CVE-2025-60082 | WordPress PDF for WPForms plugin <= 6.5.0 - Deserialization of untrusted data vulnerability | add-ons.org | PDF for WPForms | - | - | 2025-12-18 07:22:07 | Deep Dive |
| CVE-2025-67570 | WordPress WPForms Google Sheet Connector plugin <= 4.0.0 - Broken Access Control vulnerability | WesternDeal | WPForms Google Sheet Connector | - | - | 2025-12-09 14:14:13 | Deep Dive |
| CVE-2025-67468 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability | CRM Perks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | Medium | 4.3 | 2025-12-09 14:13:56 | Deep Dive |
| CVE-2025-11499 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload | essekia | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | Critical | 9.8 | 2025-11-01 06:40:37 | Deep Dive |
| CVE-2025-10647 | Embed PDF for WPForms <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload | salzano | Embed PDF for WPForms | High | 8.8 | 2025-09-19 08:23:58 | Deep Dive |
| CVE-2025-58620 | WordPress PDF for WPForms Plugin <= 6.2.1 - Cross Site Scripting (XSS) Vulnerability | add-ons.org | PDF for WPForms | Medium | 6.5 | 2025-09-03 14:36:50 | Deep Dive |
| CVE-2025-7384 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Critical | 9.8 | 2025-08-13 04:22:57 | Deep Dive |