| CVE-2025-2801 | Create custom forms for WordPress with a smart form plugin for smart businesses <= 1.2.4 - Unauthenticated Arbitrary Shortcode Execution | dorinabc | Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress | High | 7.3 | 2025-04-26 03:24:24 | Deep Dive |
| CVE-2025-3912 | WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure | westguard | WS Form LITE – Drag & Drop Contact Form Builder | Medium | 5.3 | 2025-04-25 11:12:52 | Deep Dive |
| CVE-2025-3867 | Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | rafe007 | Ajax Comment Form CST | Medium | 6.1 | 2025-04-25 06:45:28 | Deep Dive |
| CVE-2025-2580 | Contact Form by Bit Form <= 2.18.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 4.9 | 2025-04-25 05:25:06 | Deep Dive |
| CVE-2025-1294 | eForm <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting | WPQuark | eForm - WordPress Form Builder | High | 7.2 | 2025-04-24 22:22:15 | Deep Dive |
| CVE-2025-46510 | WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability | harrysudana | Contact Form 7 Calendar | High | 7.1 | 2025-04-24 16:08:55 | Deep Dive |
| CVE-2025-46252 | WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.2 - SQL Injection vulnerability | Kofi Mokome | Message Filter for Contact Form 7 | High | 7.6 | 2025-04-22 09:53:35 | Deep Dive |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion | WPEverest | User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin | Medium | 4.3 | 2025-04-19 02:22:33 | Deep Dive |
| CVE-2025-27285 | WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability | Ays Pro | Easy Form | High | 7.1 | 2025-04-17 15:48:09 | Deep Dive |
| CVE-2025-39521 | WordPress Contact Form vCard Generator plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability | Ashish Ajani | Contact Form vCard Generator | High | 7.1 | 2025-04-17 15:46:56 | Deep Dive |
| CVE-2025-39562 | WordPress Payment Form for PayPal Pro plugin <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability | codepeople | Payment Form for PayPal Pro | - | - | 2025-04-17 15:46:49 | Deep Dive |
| CVE-2025-3487 | Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit' | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2025-04-17 11:13:06 | Deep Dive |
| CVE-2025-3479 | Forminator <= 1.42.0 - Order Replay Vulnerability | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 5.3 | 2025-04-17 11:13:06 | Deep Dive |
| CVE-2025-3615 | Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 6.4 | 2025-04-17 07:34:08 | Deep Dive |
| CVE-2024-10680 | Form Maker by 10Web < 1.15.32 - Admin+ Stored XSS | Unknown | Form Maker by 10Web | - | - | 2025-04-16 06:00:09 | Deep Dive |
| CVE-2025-3247 | Contact Form 7 <= 6.0.5 - Order Replay Vulnerability | rocklobsterinc | Contact Form 7 | Medium | 5.3 | 2025-04-16 05:23:01 | Deep Dive |
| CVE-2024-13452 | Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action | supsysticcom | Contact Form by Supsystic | Medium | 6.1 | 2025-04-16 02:12:04 | Deep Dive |
| CVE-2025-3282 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2025-04-12 06:37:18 | Deep Dive |
| CVE-2025-3292 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.3 | 2025-04-12 06:37:17 | Deep Dive |
| CVE-2025-3421 | Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Medium | 6.1 | 2025-04-11 12:42:25 | Deep Dive |