| CVE-2024-13497 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | High | 7.2 | 2025-03-15 04:22:08 | Deep Dive |
| CVE-2024-13498 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 5.3 | 2025-03-12 05:22:52 | Deep Dive |
| CVE-2025-22212 | Extension - tassos.gr - SQL injection in Convert Forms component version 1.0.0-1.0.0 - 4.4.9 for Joomla | tassos.gr | Convert Forms component for Joomla | 低危 | - | 2025-03-05 15:15:52 | Deep Dive |
| CVE-2025-23904 | WordPress Rebrand Fluent Forms Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | rebrandpress | Rebrand Fluent Forms | High | 7.1 | 2025-03-03 13:30:21 | Deep Dive |
| CVE-2025-23763 | WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability | Alex Volkov | WAH Forms | Medium | 6.5 | 2025-03-03 13:30:19 | Deep Dive |
| CVE-2024-12544 | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | High | 8.8 | 2025-03-01 07:24:06 | Deep Dive |
| CVE-2025-0469 | Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2025-02-27 04:21:44 | Deep Dive |
| CVE-2025-1128 | Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Critical | 9.8 | 2025-02-25 06:58:31 | Deep Dive |
| CVE-2024-12038 | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-02-22 04:21:17 | Deep Dive |
| CVE-2024-13818 | Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction <= 3.8.4 - Sensitive Information Exposure via Log Files | genetechproducts | Pie Register – User Registration, Profiles & Content Restriction | Medium | 5.3 | 2025-02-21 03:21:21 | Deep Dive |
| CVE-2024-12522 | Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | yayforms | Yay! Forms | Medium | 6.4 | 2025-02-19 07:32:08 | Deep Dive |
| CVE-2024-13725 | Keap Official Opt-in Forms <= 2.0.1 - Unauthenticated Limited Local File Inclusion | infusionsoft | Keap Official Opt-in Forms | Critical | 9.8 | 2025-02-18 04:21:16 | Deep Dive |
| CVE-2024-13603 | Wise Forms <= 1.2.0 - Unauthenticated Stored XSS | Unknown | Wise Forms | 高危 | - | 2025-02-17 06:00:01 | Deep Dive |
| CVE-2024-7052 | Forminator < 1.38.3 - Admin+ Stored XSS | Unknown | Forminator Forms | 中危 | - | 2025-02-14 06:00:10 | Deep Dive |
| CVE-2024-13125 | Everest Forms < 3.0.8.1 - Admin+ Stored XSS | Unknown | Everest Forms | 中危 | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13829 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | 5.3 | 2025-02-05 05:22:32 | Deep Dive |
| CVE-2024-13403 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 6.4 | 2025-02-04 08:21:07 | Deep Dive |
| CVE-2025-24629 | WordPress Import Excel to Gravity Forms Plugin <= 1.18 - Reflected Cross Site Scripting (XSS) vulnerability | wpgear | Import Excel to Gravity Forms | High | 7.1 | 2025-02-03 14:22:48 | Deep Dive |
| CVE-2025-24545 | WordPress BSK Forms Validation plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability | bannersky | BSK Forms Validation | High | 7.1 | 2025-02-03 14:22:46 | Deep Dive |
| CVE-2024-12184 | WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download | cimatti | Contact Forms by Cimatti | Medium | 5.3 | 2025-02-01 03:21:12 | Deep Dive |