| CVE-2024-56215 | WordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerability | DBAR Productions | Member Directory and Contact Form | Medium | 4.3 | 2024-12-31 10:17:30 | Deep Dive |
| CVE-2024-56218 | WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability | sevenspark | Contact Form 7 – Dynamic Text Extension | Medium | 4.3 | 2024-12-31 10:12:52 | Deep Dive |
| CVE-2024-12238 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.3 | 2024-12-29 05:22:54 | Deep Dive |
| CVE-2024-10862 | NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 4.9 | 2024-12-25 06:42:14 | Deep Dive |
| CVE-2024-12190 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 4.3 | 2024-12-25 03:21:32 | Deep Dive |
| CVE-2024-12250 | Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure | zealopensource | Accept Authorize.NET Payments Using Contact Form 7 | Medium | 5.3 | 2024-12-18 03:22:07 | Deep Dive |
| CVE-2024-55990 | WordPress Mollie for Contact Form 7 plugin <= 5.0.0 - SQL Injection vulnerability | tsjippy | Mollie for Contact Form 7 | High | 7.6 | 2024-12-16 14:13:38 | Deep Dive |
| CVE-2024-10646 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | High | 7.2 | 2024-12-14 05:34:14 | Deep Dive |
| CVE-2024-54343 | WordPress Connect Contact Form 7 to Constant Contact plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | thehowarde | Connect Contact Form 7 to Constant Contact | High | 7.1 | 2024-12-13 14:25:41 | Deep Dive |
| CVE-2023-41862 | WordPress VS Contact Form plugin <= 14.0 - Sum Captcha Bypass vulnerability | Guido | VS Contact Form | Medium | 5.3 | 2024-12-13 14:24:21 | Deep Dive |
| CVE-2023-39920 | WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability | Themeisle | Redirection for Contact Form 7 | 高危 | - | 2024-12-13 14:23:59 | Deep Dive |
| CVE-2023-32520 | WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability | WebCodin | WCP Contact Form | High | 7.5 | 2024-12-13 14:23:23 | Deep Dive |
| CVE-2023-32519 | WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability | WebCodin | WCP Contact Form | Medium | 4.3 | 2024-12-13 14:23:23 | Deep Dive |
| CVE-2024-11052 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations | kstover | Ninja Forms – The Contact Form Builder That Grows With You | High | 7.2 | 2024-12-12 05:24:24 | Deep Dive |
| CVE-2024-12255 | Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure | zealopensource | Accept Stripe Payments Using Contact Form 7 | Medium | 5.3 | 2024-12-12 05:24:22 | Deep Dive |
| CVE-2024-12341 | Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation | mahendrapatidarmp | Custom Skins Contact Form 7 | Medium | 4.3 | 2024-12-12 03:23:05 | Deep Dive |
| CVE-2024-11205 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | High | 8.5 | 2024-12-10 04:23:41 | Deep Dive |
| CVE-2024-54254 | WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Broken Access Control vulnerability | Kofi Mokome | Message Filter for Contact Form 7 | Medium | 6.3 | 2024-12-09 12:42:13 | Deep Dive |
| CVE-2023-25035 | WordPress Quick Contact Form plugin <= 8.0.3.1 - Broken Access Control vulnerability | Saad Iqbal | Quick Contact Form | Medium | 6.5 | 2024-12-09 11:31:38 | Deep Dive |
| CVE-2023-25037 | WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability | codepeople | Booking Calendar Contact Form | Medium | 4.3 | 2024-12-09 11:31:38 | Deep Dive |