| CVE-2025-48231 | WordPress Booking Calendar Contact Form plugin <= 1.2.58 - Cross Site Scripting (XSS) Vulnerability | codepeople | Booking Calendar Contact Form | Medium | 6.5 | 2025-07-04 11:18:03 | Deep Dive |
| CVE-2025-23972 | WordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability | Brian S. Reed | Contact Form 7 reCAPTCHA | Medium | 4.3 | 2025-07-04 08:42:04 | Deep Dive |
| CVE-2024-13451 | Contact Form by Bit Form <= 2.17.5 - Unauthenticated Sensitive Information Exposure | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 5.3 | 2025-07-02 05:29:18 | Deep Dive |
| CVE-2025-6464 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 7.5 | 2025-07-02 05:29:17 | Deep Dive |
| CVE-2025-6463 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 8.8 | 2025-07-02 04:24:56 | Deep Dive |
| CVE-2025-5692 | Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions | smackcoders | Lead Form Data Collection to CRM | Medium | 6.3 | 2025-07-02 02:03:53 | Deep Dive |
| CVE-2025-6756 | Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode | themefic | Ultra Addons for Contact Form 7 | Medium | 6.4 | 2025-07-01 09:25:05 | Deep Dive |
| CVE-2025-5730 | Easy Contact Form Lite < 1.1.29 - Contributor+ Stored XSS | Unknown | Contact Form Plugin | 中危 | - | 2025-06-30 06:00:02 | Deep Dive |
| CVE-2025-53325 | WordPress Beauty Contact Popup Form plugin <= 6.0 - Cross Site Scripting (XSS) Vulnerability | Dilip kumar | Beauty Contact Popup Form | Medium | 5.9 | 2025-06-27 13:21:41 | Deep Dive |
| CVE-2025-53322 | WordPress Accept Authorize.NET Payments Using Contact Form 7 plugin <= 2.5 - Sensitive Data Exposure Vulnerability | ZealousWeb | Accept Authorize.NET Payments Using Contact Form 7 | Medium | 5.3 | 2025-06-27 13:21:39 | Deep Dive |
| CVE-2025-53309 | WordPress Accept Stripe Payments Using Contact Form 7 plugin <= 3.0 - Sensitive Data Exposure Vulnerability | ZealousWeb | Accept Stripe Payments Using Contact Form 7 | Medium | 5.3 | 2025-06-27 13:21:33 | Deep Dive |
| CVE-2025-53304 | WordPress Contact Form – 7 : Hide Success Message plugin <= 1.1.4 - Broken Access Control Vulnerability | Rohil | Contact Form – 7 : Hide Success Message | Medium | 5.3 | 2025-06-27 13:21:30 | Deep Dive |
| CVE-2025-24774 | WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | mojoomla | WPCRM - CRM for Contact form CF7 & WooCommerce | High | 7.1 | 2025-06-27 11:52:47 | Deep Dive |
| CVE-2025-52817 | WordPress Abandoned Contact Form 7 plugin <= 2.2 - Broken Access Control vulnerability | ZealousWeb | Abandoned Contact Form 7 | High | 8.2 | 2025-06-27 11:52:17 | Deep Dive |
| CVE-2025-5398 | Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.4 | 2025-06-27 09:23:19 | Deep Dive |
| CVE-2025-6212 | Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module | themefic | Ultra Addons for Contact Form 7 | High | 7.2 | 2025-06-26 09:22:03 | Deep Dive |
| CVE-2025-49988 | WordPress Contact Form 7 AWeber Extension plugin <= 0.1.40 - Broken Access Control vulnerability | Renzo Johnson | Contact Form 7 AWeber Extension | Medium | 5.3 | 2025-06-20 15:04:09 | Deep Dive |
| CVE-2025-52794 | WordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability | Creative-Solutions | Creative Contact Form | High | 7.1 | 2025-06-20 15:03:41 | Deep Dive |
| CVE-2025-52733 | WordPress ANON::form embedded secure form plugin <= 1.7 - Cross Site Scripting (XSS) Vulnerability | Anonform Ab | ANON::form embedded secure form | Medium | 6.5 | 2025-06-20 15:03:38 | Deep Dive |
| CVE-2025-6220 | Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options' | themefic | Ultra Addons for Contact Form 7 | High | 7.2 | 2025-06-18 11:16:31 | Deep Dive |