| CVE-2025-28864 | WordPress Builder for Contact Form 7 by Webconstruct plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability | Planet Studio | Builder for Contact Form 7 by Webconstruct | Medium | 4.3 | 2025-03-11 21:00:35 | Deep Dive |
| CVE-2025-0469 | Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2025-02-27 04:21:44 | Deep Dive |
| CVE-2025-26962 | WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability | GhozyLab | Easy Contact Form Lite | Medium | 6.5 | 2025-02-25 14:17:57 | Deep Dive |
| CVE-2025-1128 | Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Critical | 9.8 | 2025-02-25 06:58:31 | Deep Dive |
| CVE-2025-27304 | WordPress Contact Form 7 Star Rating with font Awesome plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | themelogger | Contact Form 7 Star Rating with font Awesome | Medium | 5.9 | 2025-02-24 14:48:55 | Deep Dive |
| CVE-2025-27303 | WordPress Contact Form 7 Star Rating plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability | themelogger | Contact Form 7 Star Rating | Medium | 5.9 | 2025-02-24 14:48:54 | Deep Dive |
| CVE-2025-24564 | WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability | aviplugins.com | Contact Form With Shortcode | High | 7.1 | 2025-02-14 12:44:34 | Deep Dive |
| CVE-2025-23658 | WordPress Advanced Angular Contact Form plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Tauhidul Alam | Advanced Angular Contact Form | High | 7.1 | 2025-02-14 12:44:31 | Deep Dive |
| CVE-2025-23655 | WordPress Contact Form 7 – Paystack Add-on plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability | crystalwebpro | Contact Form 7 – Paystack Add-on | High | 7.1 | 2025-02-14 12:44:31 | Deep Dive |
| CVE-2024-13829 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | 5.3 | 2025-02-05 05:22:32 | Deep Dive |
| CVE-2024-13403 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 6.4 | 2025-02-04 08:21:07 | Deep Dive |
| CVE-2024-12267 | Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Medium | 5.3 | 2025-01-31 11:11:09 | Deep Dive |
| CVE-2024-13717 | Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle | vcita | Contact Form and Calls To Action by vcita | Medium | 4.3 | 2025-01-31 05:22:34 | Deep Dive |
| CVE-2024-11886 | Contact Form and Calls To Action by vcita <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | vcita | Contact Form and Calls To Action by vcita | Medium | 6.4 | 2025-01-31 05:22:34 | Deep Dive |
| CVE-2025-0470 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.1 | 2025-01-31 03:21:29 | Deep Dive |
| CVE-2024-13453 | Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution | smub | Contact Form & SMTP Plugin for WordPress by PirateForms | High | 7.3 | 2025-01-30 11:10:20 | Deep Dive |
| CVE-2024-13758 | CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery | codepeople | CP Contact Form with PayPal | Medium | 6.5 | 2025-01-30 08:21:26 | Deep Dive |
| CVE-2024-13470 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.4 | 2025-01-30 07:23:05 | Deep Dive |
| CVE-2024-13509 | WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting | westguard | WS Form LITE – Drag & Drop Contact Form Builder | High | 7.2 | 2025-01-28 06:38:42 | Deep Dive |
| CVE-2025-24708 | WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | CRM Perks | WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | High | 7.1 | 2025-01-27 14:22:18 | Deep Dive |