| CVE-2024-2542 | Jotform Online Forms <= 1.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | jotform | Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform | Medium | 6.4 | 2024-05-02 16:52:25 | Deep Dive |
| CVE-2024-3649 | Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 5.3 | 2024-05-02 16:52:13 | Deep Dive |
| CVE-2024-1945 | ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion | reputeinfosystems | Contact Form, Survey, Quiz & Popup Form Builder – ARForms | High | 7.1 | 2024-05-02 16:51:41 | Deep Dive |
| CVE-2024-2258 | Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 4.4 | 2024-04-27 03:33:35 | Deep Dive |
| CVE-2024-32534 | WordPress Form Maker plugin <= 1.15.23 - Cross Site Scripting (XSS) vulnerability | 10Web Form Builder Team | Form Maker by 10Web | Medium | 5.9 | 2024-04-17 08:44:16 | Deep Dive |
| CVE-2024-31272 | WordPress ARForms Form Builder plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability | Repute InfoSystems | ARForms Form Builder | Medium | 6.3 | 2024-04-12 12:38:41 | Deep Dive |
| CVE-2024-2198 | Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address | bestwebsoft | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | Medium | 6.1 | 2024-04-09 18:58:51 | Deep Dive |
| CVE-2024-2112 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 5.9 | 2024-04-09 18:58:50 | Deep Dive |
| CVE-2024-1794 | Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 7.2 | 2024-04-09 18:58:39 | Deep Dive |
| CVE-2024-2200 | Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject | bestwebsoft | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | Medium | 6.1 | 2024-04-09 18:58:39 | Deep Dive |
| CVE-2024-3053 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2024-04-09 18:58:35 | Deep Dive |
| CVE-2024-2791 | Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.4 | 2024-04-02 05:32:49 | Deep Dive |
| CVE-2024-30535 | WordPress Easy Form Builder plugin <= 3.7.4 - SQL Injection vulnerability | WhiteStudio | Easy Form Builder | High | 8.5 | 2024-03-31 18:16:33 | Deep Dive |
| CVE-2024-2108 | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Authenticated (Author+) Stored Cross-Site Scripting | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.6 | 2024-03-29 06:44:01 | Deep Dive |
| CVE-2024-2113 | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission Export | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2024-03-29 06:43:58 | Deep Dive |
| CVE-2023-52214 | WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.3 - Broken Access Control vulnerability | voidCoders | Void Contact Form 7 Widget For Elementor Page Builder | Medium | 4.3 | 2024-03-26 12:37:57 | Deep Dive |
| CVE-2024-25593 | WordPress NEX-Forms plugin <= 8.5.5 - Cross Site Scripting (XSS) vulnerability | Basix | NEX-Forms – Ultimate Form Builder | Medium | 6.5 | 2024-03-15 13:57:46 | Deep Dive |
| CVE-2023-6957 | Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.9 | 2024-03-13 15:27:25 | Deep Dive |
| CVE-2024-1793 | AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth By AWeber <= 7.3.14 - Authenticated (Admin+) SQL Injection | aweber | AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth | High | 7.2 | 2024-03-13 15:27:24 | Deep Dive |
| CVE-2024-1640 | Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 5.3 | 2024-03-13 15:26:47 | Deep Dive |