| CVE-2025-58989 | WordPress Dynamic Text Field For Contact Form 7 Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability | silverplugins217 | Dynamic Text Field For Contact Form 7 | Medium | 6.5 | 2025-09-09 16:33:10 | Deep Dive |
| CVE-2025-10003 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.44 - Authenticated (Subscriber+) SQL Injection | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 6.5 | 2025-09-06 02:24:19 | Deep Dive |
| CVE-2025-9515 | Multi Step Form <= 1.7.25 - Authenticated (Admin+) Arbitrary File Upload | mondula2016 | Multi Step Form | High | 7.2 | 2025-09-06 02:24:18 | Deep Dive |
| CVE-2025-9085 | User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.9 | 2025-09-06 02:24:18 | Deep Dive |
| CVE-2025-58825 | WordPress Comment Form WP – Customize Default Comment Form plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | Habibur Rahman | Comment Form WP – Customize Default Comment Form | Medium | 5.9 | 2025-09-05 13:45:21 | Deep Dive |
| CVE-2025-58639 | WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability | Ali Khallad | Contact Form By Mega Forms | Medium | 5.4 | 2025-09-03 14:36:57 | Deep Dive |
| CVE-2025-9260 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 6.5 | 2025-09-02 23:22:46 | Deep Dive |
| CVE-2025-9344 | UsersWP <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 6.4 | 2025-08-28 01:46:29 | Deep Dive |
| CVE-2025-8141 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion | themeisle | Redirection for Contact Form 7 | High | 8.8 | 2025-08-20 01:44:37 | Deep Dive |
| CVE-2025-8289 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization | themeisle | Redirection for Contact Form 7 | High | 7.5 | 2025-08-20 01:44:36 | Deep Dive |
| CVE-2025-8145 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection | themeisle | Redirection for Contact Form 7 | High | 8.8 | 2025-08-20 01:44:36 | Deep Dive |
| CVE-2025-8878 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2025-08-16 11:11:24 | Deep Dive |
| CVE-2025-8464 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Medium | 5.3 | 2025-08-16 07:25:29 | Deep Dive |
| CVE-2025-6679 | Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Critical | 9.8 | 2025-08-15 06:40:43 | Deep Dive |
| CVE-2025-54693 | WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability | epiphyt | Form Block | Critical | 9.0 | 2025-08-14 10:34:52 | Deep Dive |
| CVE-2025-54684 | WordPress Integration for Contact Form 7 and Constant Contact Plugin plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability | CRM Perks | Integration for Contact Form 7 and Constant Contact | Medium | 5.9 | 2025-08-14 10:34:47 | Deep Dive |
| CVE-2025-54678 | WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability | hassantafreshi | Easy Form Builder | Critical | 9.3 | 2025-08-14 10:34:43 | Deep Dive |
| CVE-2025-31007 | WordPress Billplz Addon for Contact Form 7 Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability | Alvind | Billplz Addon for Contact Form 7 | High | 7.1 | 2025-08-14 10:34:28 | Deep Dive |
| CVE-2025-7384 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Critical | 9.8 | 2025-08-13 04:22:57 | Deep Dive |
| CVE-2025-8420 | Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution | emarket-design | Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress | High | 8.1 | 2025-08-06 02:24:12 | Deep Dive |