| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-13450 | Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Low | 3.8 | 2025-01-25 08:23:16 | Deep Dive |
| CVE-2025-24726 | WordPress Contact Form 7 Widget plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability | HT Plugins | HT Contact Form 7 | Medium | 6.5 | 2025-01-24 17:25:17 | Deep Dive |
| CVE-2025-24723 | WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability | codepeople | Booking Calendar Contact Form | Medium | 5.9 | 2025-01-24 17:25:13 | Deep Dive |
| CVE-2025-24727 | WordPress Contact Form to Email Plugin <= 1.3.52 - Cross Site Scripting (XSS) vulnerability | codepeople | Contact Form Email | Medium | 5.9 | 2025-01-24 17:25:09 | Deep Dive |
| CVE-2025-23812 | WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | David Jeffrey | Contact Form 7 Round Robin Lead Distribution | High | 7.1 | 2025-01-22 14:32:13 | Deep Dive |
| CVE-2025-23784 | WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - SQL Injection vulnerability | David Jeffrey | Contact Form 7 Round Robin Lead Distribution | 高危 | - | 2025-01-22 14:29:22 | Deep Dive |
| CVE-2025-23862 | WordPress Contact Form 7 Anti Spambot plugin <= 1.0.1 - Broken Access Control vulnerability | SzMake | Contact Form 7 Anti Spambot | Medium | 5.3 | 2025-01-16 20:07:24 | Deep Dive |
| CVE-2025-23623 | WordPress Contact Form 7 – CCAvenue Add-on plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Mahesh Bisen | Contact Form 7 – CCAvenue Add-on | High | 7.1 | 2025-01-16 20:06:28 | Deep Dive |
| CVE-2025-22761 | WordPress Ajax Contact Form plugin <= 1.4.1 - Stored Cross Site Scripting (XSS) vulnerability | Olaf Lederer | Ajax Contact Form | Medium | 6.5 | 2025-01-15 15:23:24 | Deep Dive |
| CVE-2025-22795 | WordPress Multilang Contact Form Plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability | digitaldonkey | Multilang Contact Form | High | 7.1 | 2025-01-15 15:23:06 | Deep Dive |
| CVE-2024-12423 | Contact Form 7 Redirect & Thank You Page <= 1.0.7 - Reflected Cross-Site Scripting | scottpaterson | Business Essentials for Contact Form 7 | Medium | 6.1 | 2025-01-15 09:25:55 | Deep Dive |
| CVE-2024-12587 | Contact Form Master <= 1.0.7 - Reflected XSS | Unknown | Contact Form Master | 中危 | - | 2025-01-11 06:00:03 | Deep Dive |
| CVE-2025-22295 | WordPress Tripetto plugin <= 8.0.6 - Cross Site Scripting (XSS) vulnerability | Tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | 中危 | - | 2025-01-09 15:39:33 | Deep Dive |
| CVE-2024-12112 | Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | hassantafreshi | Easy Form Builder by WhiteStudio — Drag & Drop Form Builder | Medium | 6.4 | 2025-01-08 03:18:11 | Deep Dive |
| CVE-2024-12532 | BWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | bestwpdeveloper | BWD Elementor Addons | Medium | 4.3 | 2025-01-07 11:11:12 | Deep Dive |
| CVE-2024-56276 | WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability | Syed Balkhi | Contact Form by WPForms | Medium | 4.3 | 2025-01-07 10:49:25 | Deep Dive |
| CVE-2025-22351 | WordPress Contact Form 7 Database – CFDB7 plugin <= 1.0.0 - SQL Injection vulnerability | penguinarts | Contact Form 7 Database – CFDB7 | High | 7.6 | 2025-01-07 10:48:40 | Deep Dive |
| CVE-2024-12419 | Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting | tobias_conrad | WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms | Medium | 6.5 | 2025-01-07 03:21:56 | Deep Dive |
| CVE-2023-47693 | WordPress Ultimate Addons for Contact Form 7 plugin <= 3.2.6 - Broken Access Control vulnerability | Themefic | Ultimate Addons for Contact Form 7 | 中危 | - | 2025-01-02 12:00:39 | Deep Dive |
| CVE-2024-56002 | WordPress Contact Form, Survey & Form Builder – MightyForms plugin <= 1.3.9 - Broken Access Control vulnerability | mightyforms | Contact Form, Survey & Form Builder – MightyForms | Medium | 6.4 | 2024-12-31 13:50:18 | Deep Dive |