| CVE-2025-8239 | code-projects Exam Form Submission admin sql injection | code-projects | Exam Form Submission | High | 7.3 | 2025-07-27 19:02:06 | Deep Dive |
| CVE-2025-8238 | code-projects Exam Form Submission update_s2.php sql injection | code-projects | Exam Form Submission | High | 7.3 | 2025-07-27 18:32:06 | Deep Dive |
| CVE-2025-8237 | code-projects Exam Form Submission update_s1.php sql injection | code-projects | Exam Form Submission | High | 7.3 | 2025-07-27 18:02:06 | Deep Dive |
| CVE-2025-7645 | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion | htplugins | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) | High | 8.1 | 2025-07-22 06:38:50 | Deep Dive |
| CVE-2015-10137 | Website Contact Form With File Upload <= 1.3.4 - Arbitrary File Upload | N-Media | Website Contact Form With File Upload | Critical | 9.8 | 2025-07-22 01:44:29 | Deep Dive |
| CVE-2025-6831 | User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.4 | 2025-07-22 01:44:28 | Deep Dive |
| CVE-2025-7697 | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function | crmperks | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | Critical | 9.8 | 2025-07-19 04:23:03 | Deep Dive |
| CVE-2025-7696 | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function | crmperks | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | Critical | 9.8 | 2025-07-19 04:23:02 | Deep Dive |
| CVE-2025-7638 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 4.9 | 2025-07-18 04:23:02 | Deep Dive |
| CVE-2025-29000 | WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability | August Infotech | Multi-language Responsive Contact Form | High | 7.5 | 2025-07-16 11:28:11 | Deep Dive |
| CVE-2025-48345 | WordPress Contact Form 7 Editor Button plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | arisoft | Contact Form 7 Editor Button | High | 7.1 | 2025-07-16 11:28:01 | Deep Dive |
| CVE-2025-52777 | WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability | cmsMinds | Pay with Contact Form 7 | High | 7.1 | 2025-07-16 11:27:56 | Deep Dive |
| CVE-2025-54020 | WordPress AntiSpam for Contact Form 7 plugin <= 0.6.3 - Cross Site Request Forgery (CSRF) Vulnerability | Erik | AntiSpam for Contact Form 7 | Medium | 5.4 | 2025-07-16 10:36:44 | Deep Dive |
| CVE-2025-54015 | WordPress HT Contact Form 7 plugin <= 2.0.0 - Local File Inclusion Vulnerability | HT Plugins | HT Contact Form 7 | Medium | 6.6 | 2025-07-16 10:36:43 | Deep Dive |
| CVE-2025-7340 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.8 | 2025-07-15 04:23:42 | Deep Dive |
| CVE-2025-7360 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Directory Traversal to Arbitrary File Move | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.1 | 2025-07-15 04:23:42 | Deep Dive |
| CVE-2025-7341 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Deletion | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.1 | 2025-07-15 04:23:41 | Deep Dive |
| CVE-2025-6691 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion | brainstormforce | SureForms – Drag and Drop Form Builder for WordPress | High | 8.1 | 2025-07-09 05:23:40 | Deep Dive |
| CVE-2025-6742 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion | brainstormforce | SureForms – Drag and Drop Form Builder for WordPress | High | 7.5 | 2025-07-09 05:23:39 | Deep Dive |
| CVE-2025-6740 | Contact Form 7 Database Addon <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter | arshidkv12 | Database Addon for Contact Form 7 – CFDB7 | Medium | 6.1 | 2025-07-04 11:18:25 | Deep Dive |