| CVE-2025-3439 | Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Critical | 9.8 | 2025-04-11 12:42:24 | Deep Dive |
| CVE-2025-3422 | Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Medium | 5.4 | 2025-04-11 12:42:24 | Deep Dive |
| CVE-2025-32199 | WordPress Contact Form Builder by vcita plugin <= 4.10.2 - Cross Site Scripting (XSS) vulnerability | eyale-vc | Contact Form Builder by vcita | Medium | 6.5 | 2025-04-10 08:09:44 | Deep Dive |
| CVE-2025-32679 | WordPress User Registration Using Contact Form 7 plugin <= 2.4 - Cross Site Request Forgery (CSRF) vulnerability | ZealousWeb | User Registration Using Contact Form 7 | Medium | 5.4 | 2025-04-09 16:09:14 | Deep Dive |
| CVE-2025-2883 | Accept SagePay Payments Using Contact Form 7 <= 2.0 - Unauthenticated Information Exposure | zealopensource | Accept SagePay Payments Using Contact Form 7 | Medium | 5.3 | 2025-04-08 09:21:20 | Deep Dive |
| CVE-2025-32269 | WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | CRM Perks | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | Medium | 4.3 | 2025-04-04 15:59:43 | Deep Dive |
| CVE-2025-32126 | WordPress Pay with Contact Form 7 Plugin <= 1.0.4 - SQL Injection vulnerability | cmsMinds | Pay with Contact Form 7 | High | 7.6 | 2025-04-04 15:58:25 | Deep Dive |
| CVE-2025-22282 | WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Reflected Cross Site Scripting (XSS) vulnerability | keksdieb | ez Form Calculator Premium | High | 7.1 | 2025-04-04 10:43:12 | Deep Dive |
| CVE-2025-31582 | WordPress Contact Form vCard Generator plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability | Ashish Ajani | Contact Form vCard Generator | High | 7.1 | 2025-04-03 13:27:12 | Deep Dive |
| CVE-2025-31821 | WordPress Integration of Zoho CRM and Contact Form 7 plugin <= 1.0.6 - Open Redirection Vulnerability | formsintegrations | Integration of Zoho CRM and Contact Form 7 | Medium | 4.7 | 2025-04-01 14:51:46 | Deep Dive |
| CVE-2025-31745 | WordPress Subscription Form for Feedblitz Plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability | Arni Cinco | Subscription Form for Feedblitz | Medium | 6.5 | 2025-04-01 14:51:08 | Deep Dive |
| CVE-2025-31629 | WordPress Infusionsoft Web Form JavaScript plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | Jacob Allred | Infusionsoft Web Form JavaScript | Medium | 6.5 | 2025-03-31 12:55:47 | Deep Dive |
| CVE-2025-2485 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 7.5 | 2025-03-28 06:51:46 | Deep Dive |
| CVE-2025-2328 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 8.8 | 2025-03-28 06:51:45 | Deep Dive |
| CVE-2025-31101 | WordPress VaultRE Contact Form 7 plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | Vault Group Pty Ltd | VaultRE Contact Form 7 | Medium | 5.9 | 2025-03-27 22:25:04 | Deep Dive |
| CVE-2025-30900 | WordPress Zoho Billing – Embed Payment Form plugin <= 4.0 - Stored Cross Site Scripting (XSS) vulnerability | Zoho Subscriptions | Zoho Billing – Embed Payment Form | Medium | 6.5 | 2025-03-27 10:55:50 | Deep Dive |
| CVE-2025-30885 | WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability | Bit Apps | Bit Form | Medium | 4.7 | 2025-03-27 10:55:42 | Deep Dive |
| CVE-2025-30863 | WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability | CRM Perks | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.3 | 2025-03-27 10:55:33 | Deep Dive |
| CVE-2025-30810 | WordPress Lead Form Data Collection to CRM plugin <= 3.0.1 - SQL Injection vulnerability | Smackcoders Inc. | Lead Form Data Collection to CRM | High | 8.5 | 2025-03-27 10:54:59 | Deep Dive |
| CVE-2025-26560 | WordPress WP Contact Form III Plugin <= 1.6.2d - Reflected Cross Site Scripting (XSS) vulnerability | KKWangen | WP Contact Form III | High | 7.1 | 2025-03-26 14:24:19 | Deep Dive |