| CVE-2024-1585 | Metform Elementor Contact Form Builder <= 3.8.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.4 | 2024-03-13 15:26:42 | Deep Dive |
| CVE-2024-0386 | weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer | boldgrid | weForms – Easy Drag & Drop Contact Form Builder For WordPress | High | 7.2 | 2024-03-12 21:34:34 | Deep Dive |
| CVE-2024-1218 | Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | Medium | 4.3 | 2024-02-20 18:56:50 | Deep Dive |
| CVE-2024-1217 | Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin Deactivation | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | High | 7.6 | 2024-02-20 18:56:35 | Deep Dive |
| CVE-2024-0660 | Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 6.1 | 2024-02-05 21:21:59 | Deep Dive |
| CVE-2024-0685 | Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 5.9 | 2024-02-02 04:32:35 | Deep Dive |
| CVE-2023-51536 | WordPress CRM Perks Forms Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) | CRM Perks | CRM Perks Forms – WordPress Form Builder | Medium | 5.9 | 2024-02-01 10:25:54 | Deep Dive |
| CVE-2024-1129 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred() | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 5.3 | 2024-02-01 04:31:55 | Deep Dive |
| CVE-2024-1130 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read() | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 5.3 | 2024-02-01 04:31:55 | Deep Dive |
| CVE-2024-0907 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records() | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 5.3 | 2024-02-01 04:31:54 | Deep Dive |
| CVE-2024-22305 | WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR) | Kali Forms | Contact Form builder with drag & drop for WordPress – Kali Forms | High | 7.5 | 2024-01-31 11:49:29 | Deep Dive |
| CVE-2024-0618 | Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-01-27 05:38:22 | Deep Dive |
| CVE-2024-0667 | Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 5.4 | 2024-01-27 03:32:46 | Deep Dive |
| CVE-2022-23179 | Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting | Unknown | Contact Form & Lead Form Elementor Builder | Medium | - | 2024-01-16 15:52:09 | Deep Dive |
| CVE-2022-23180 | Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update | Unknown | Contact Form & Lead Form Elementor Builder | Medium | - | 2024-01-16 15:52:09 | Deep Dive |
| CVE-2022-0402 | Superforms < 6.0.4 - Reflected Cross-Site Scripting | Unknown | Super Forms - Drag & Drop Form Builder | Medium | - | 2024-01-16 15:51:01 | Deep Dive |
| CVE-2023-6828 | ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url | reputeinfosystems | Contact Form, Survey, Quiz & Popup Form Builder – ARForms | High | 7.2 | 2024-01-11 08:32:38 | Deep Dive |
| CVE-2023-6830 | Formidable Forms <= 6.7 - HTML Injection | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 6.5 | 2024-01-09 06:41:01 | Deep Dive |
| CVE-2023-6842 | Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 4.4 | 2024-01-09 06:41:00 | Deep Dive |
| CVE-2023-6788 | Metform Elementor Contact Form Builder <= 3.8.1 - Cross-Site Request Forgery | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2024-01-09 03:31:31 | Deep Dive |