| CVE-2024-12037 | Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-01-31 11:11:11 | Deep Dive |
| CVE-2025-0470 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.1 | 2025-01-31 03:21:29 | Deep Dive |
| CVE-2024-13470 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.4 | 2025-01-30 07:23:05 | Deep Dive |
| CVE-2025-24708 | WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | CRM Perks | WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | High | 7.1 | 2025-01-27 14:22:18 | Deep Dive |
| CVE-2025-23921 | WordPress Multi Uploader for Gravity Forms plugin <= 1.1.3 - Arbitrary File Upload vulnerability | sh1zen | Multi Uploader for Gravity Forms | Critical | 9.0 | 2025-01-22 14:29:24 | Deep Dive |
| CVE-2025-22727 | WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability | PluginOps | MailChimp Subscribe Forms | Medium | 6.5 | 2025-01-21 13:57:36 | Deep Dive |
| CVE-2024-13378 | GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter | Gravity Forms | Gravity Forms | Medium | 5.4 | 2025-01-17 09:36:39 | Deep Dive |
| CVE-2024-13377 | GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter | Gravity Forms | Gravity Forms | High | 7.2 | 2025-01-17 09:36:38 | Deep Dive |
| CVE-2025-22752 | WordPress GSheetConnector for Forminator Forms Plugin <= 1.0.12 - Reflected Cross Site Scripting (XSS) vulnerability | WesternDeal | GSheetConnector for Forminator Forms | High | 7.1 | 2025-01-15 15:23:28 | Deep Dive |
| CVE-2025-23041 | Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms | umbraco | Umbraco.Forms.Issues | Medium | 5.8 | 2025-01-14 18:54:45 | Deep Dive |
| CVE-2025-22295 | WordPress Tripetto plugin <= 8.0.6 - Cross Site Scripting (XSS) vulnerability | Tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | - | 2025-01-09 15:39:33 | Deep Dive |
| CVE-2025-22504 | WordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerability | jumpdemand | 4ECPS Web Forms | Critical | 10.0 | 2025-01-09 15:39:29 | Deep Dive |
| CVE-2025-22813 | WordPress ChatBot Conversational Forms plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability | QuantumCloud | Conversational Forms for ChatBot | Medium | 6.5 | 2025-01-09 15:39:04 | Deep Dive |
| CVE-2024-12738 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.1 | 2025-01-07 12:43:40 | Deep Dive |
| CVE-2024-11826 | Quill Forms \| The Best Typeform Alternative \| Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | mdmag | Quill Forms \| Conversational Multi Step Forms, Surveys & quizzes | Medium | 6.4 | 2025-01-07 11:11:12 | Deep Dive |
| CVE-2024-51651 | WordPress CubeWP Forms plugin <= 1.1.10 - Broken Access Control vulnerability | Imran Tauqeer | CubeWP Forms | Medium | 5.3 | 2025-01-07 10:49:31 | Deep Dive |
| CVE-2025-22347 | WordPress BSK Forms Blacklist plugin <= 3.9 - CSRF to SQL Injection vulnerability | bannersky | BSK Forms Blacklist | High | 8.2 | 2025-01-07 10:48:42 | Deep Dive |
| CVE-2023-47692 | WordPress Flo Forms plugin <= 1.0.41 - Broken Access Control vulnerability | flothemesplugins | Flo Forms | Medium | - | 2025-01-02 12:00:38 | Deep Dive |
| CVE-2023-46610 | WordPress Quill Forms plugin <= 3.3.0 - Broken Access Control + CSRF vulnerability | Mohamed Magdy | Quill Forms | Medium | - | 2025-01-02 12:00:21 | Deep Dive |
| CVE-2023-46083 | WordPress Kali Forms plugin <= 2.3.27 - Broken Access Control vulnerability | WP Chill | Kali Forms | Medium | - | 2025-01-02 11:59:59 | Deep Dive |