| CVE-2023-0714 | Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | High | 8.1 | 2024-08-17 09:38:58 | Deep Dive |
| CVE-2024-38724 | WordPress Contact Form 7 Summary and Print plugin <= 1.2.5 - Cross Site Request Forgery (CSRF) to XSS vulnerability | Muhammad Rehman | Contact Form 7 Summary and Print | High | 7.1 | 2024-08-13 10:16:09 | Deep Dive |
| CVE-2024-7389 | Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 7.5 | 2024-08-02 04:29:55 | Deep Dive |
| CVE-2024-39647 | WordPress Message Filter for Contact Form 7 plugin <= 1.6.1.1 - Cross Site Scripting (XSS) vulnerability | Kofi Mokome | Message Filter for Contact Form 7 | High | 7.1 | 2024-08-01 22:09:42 | Deep Dive |
| CVE-2024-6725 | Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 4.9 | 2024-07-31 10:59:18 | Deep Dive |
| CVE-2024-6770 | Lifetime free Drag & Drop Contact Form Builder for WordPress VForm <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting | vikasratudi | VPSUForm – Drag & Drop Contact Form Builder with Email Automation | High | 7.2 | 2024-07-31 05:30:57 | Deep Dive |
| CVE-2024-5808 | WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF | Unknown | WP Ajax Contact Form | - | - | 2024-07-30 06:00:09 | Deep Dive |
| CVE-2024-5809 | WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting | Unknown | WP Ajax Contact Form | - | - | 2024-07-30 06:00:09 | Deep Dive |
| CVE-2024-6703 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.9 | 2024-07-27 12:30:06 | Deep Dive |
| CVE-2024-6518 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-07-27 11:37:32 | Deep Dive |
| CVE-2024-6520 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-07-27 11:37:29 | Deep Dive |
| CVE-2024-6521 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-07-27 11:13:39 | Deep Dive |
| CVE-2024-37537 | WordPress WS Contact Form plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability | UusWeb.ee | WS Contact Form | Medium | 5.9 | 2024-07-21 07:04:59 | Deep Dive |
| CVE-2024-5804 | Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset | jules-colle | Conditional Fields for Contact Form 7 | Medium | 4.3 | 2024-07-20 02:02:16 | Deep Dive |
| CVE-2024-37498 | WordPress Tablesome plugin <= 1.0.33 - Sensitive Data Exposure via API vulnerability | Pauple | Table & Contact Form 7 Database – Tablesome | Medium | 5.3 | 2024-07-10 17:47:56 | Deep Dive |
| CVE-2024-6123 | Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | High | 7.2 | 2024-07-09 07:38:45 | Deep Dive |
| CVE-2024-6316 | Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Upload | zealopensource | Generate PDF using Contact Form 7 | High | 8.8 | 2024-07-09 07:38:45 | Deep Dive |
| CVE-2024-6317 | Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion | zealopensource | Generate PDF using Contact Form 7 | High | 8.8 | 2024-07-09 07:38:44 | Deep Dive |
| CVE-2024-37555 | WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - CSRF to Arbitrary File Upload vulnerability | ZealousWeb | Generate PDF using Contact Form 7 | Critical | 9.1 | 2024-07-09 07:21:53 | Deep Dive |
| CVE-2024-5419 | Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute | voidthemes | Void Contact Form 7 Widget For Elementor Page Builder | Medium | 6.4 | 2024-07-02 03:14:52 | Deep Dive |