| CVE-2025-32679 | WordPress User Registration Using Contact Form 7 plugin <= 2.4 - Cross Site Request Forgery (CSRF) vulnerability | ZealousWeb | User Registration Using Contact Form 7 | Medium | 5.4 | 2025-04-09 16:09:14 | Deep Dive |
| CVE-2025-2883 | Accept SagePay Payments Using Contact Form 7 <= 2.0 - Unauthenticated Information Exposure | zealopensource | Accept SagePay Payments Using Contact Form 7 | Medium | 5.3 | 2025-04-08 09:21:20 | Deep Dive |
| CVE-2025-32269 | WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | CRM Perks | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | Medium | 4.3 | 2025-04-04 15:59:43 | Deep Dive |
| CVE-2025-32126 | WordPress Pay with Contact Form 7 Plugin <= 1.0.4 - SQL Injection vulnerability | cmsMinds | Pay with Contact Form 7 | High | 7.6 | 2025-04-04 15:58:25 | Deep Dive |
| CVE-2025-31582 | WordPress Contact Form vCard Generator plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability | Ashish Ajani | Contact Form vCard Generator | High | 7.1 | 2025-04-03 13:27:12 | Deep Dive |
| CVE-2025-31821 | WordPress Integration of Zoho CRM and Contact Form 7 plugin <= 1.0.6 - Open Redirection Vulnerability | formsintegrations | Integration of Zoho CRM and Contact Form 7 | Medium | 4.7 | 2025-04-01 14:51:46 | Deep Dive |
| CVE-2025-2485 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 7.5 | 2025-03-28 06:51:46 | Deep Dive |
| CVE-2025-2328 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 8.8 | 2025-03-28 06:51:45 | Deep Dive |
| CVE-2025-31101 | WordPress VaultRE Contact Form 7 plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | Vault Group Pty Ltd | VaultRE Contact Form 7 | Medium | 5.9 | 2025-03-27 22:25:04 | Deep Dive |
| CVE-2025-30863 | WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability | CRM Perks | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.3 | 2025-03-27 10:55:33 | Deep Dive |
| CVE-2025-26560 | WordPress WP Contact Form III Plugin <= 1.6.2d - Reflected Cross Site Scripting (XSS) vulnerability | KKWangen | WP Contact Form III | High | 7.1 | 2025-03-26 14:24:19 | Deep Dive |
| CVE-2025-26544 | WordPressUTM tags + Landing page plugin <= 1.4 - CSRF to Stored XSS vulnerability | Max K | UTM tags tracking for Contact Form 7 | High | 7.1 | 2025-03-26 14:24:19 | Deep Dive |
| CVE-2024-11273 | Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS | Unknown | Contact Form & SMTP Plugin for WordPress by PirateForms | 中危 | - | 2025-03-25 06:00:10 | Deep Dive |
| CVE-2024-11272 | Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS | Unknown | Contact Form & SMTP Plugin for WordPress by PirateForms | 中危 | - | 2025-03-25 06:00:10 | Deep Dive |
| CVE-2025-30522 | WordPress Contact Form 7 Material Design plugin <= 1.0.0 - CSRF to Stored XSS vulnerability | Damian Orzol | Contact Form 7 Material Design | High | 7.1 | 2025-03-24 13:46:37 | Deep Dive |
| CVE-2024-13666 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 5.3 | 2025-03-22 08:24:18 | Deep Dive |
| CVE-2025-1530 | Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | 4.3 | 2025-03-15 11:13:29 | Deep Dive |
| CVE-2024-13497 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | High | 7.2 | 2025-03-15 04:22:08 | Deep Dive |
| CVE-2024-13498 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 5.3 | 2025-03-12 05:22:52 | Deep Dive |
| CVE-2025-28902 | WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability | Benjamin Pick | Contact Form 7 Select Box Editor Button | Medium | 4.3 | 2025-03-11 21:00:53 | Deep Dive |