| CVE-2024-7354 | Ninja Forms 3.8.6-3.8.10 - Reflected XSS | Unknown | Ninja Forms | - | - | 2024-09-02 06:00:01 | Deep Dive |
| CVE-2024-5053 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.2 | 2024-09-01 10:58:05 | Deep Dive |
| CVE-2024-5879 | HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics <= 11.1.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via HubSpot Meeting Widget | hubspotdev | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | Medium | 6.4 | 2024-08-30 04:29:57 | Deep Dive |
| CVE-2024-39628 | WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability | Saturday Drive | Ninja Forms | Medium | 5.4 | 2024-08-26 20:58:10 | Deep Dive |
| CVE-2024-43287 | WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability | Brevo | Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | Medium | 4.3 | 2024-08-26 20:46:07 | Deep Dive |
| CVE-2024-43233 | WordPress BSK Forms Blacklist plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability | BannerSky | BSK Forms Blacklist | High | 7.1 | 2024-08-12 21:02:55 | Deep Dive |
| CVE-2024-7484 | CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload | crmperks | CRM Perks Forms – WordPress Form Builder | High | 7.2 | 2024-08-06 01:49:57 | Deep Dive |
| CVE-2024-39643 | WordPress RegistrationMagic plugin <= 6.0.0.1 - Cross Site Scripting (XSS) vulnerability | RegistrationMagic Forms | RegistrationMagic | Medium | 5.8 | 2024-08-01 22:24:49 | Deep Dive |
| CVE-2024-6725 | Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 4.9 | 2024-07-31 10:59:18 | Deep Dive |
| CVE-2024-6412 | HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF | Unknown | HTML Forms | - | - | 2024-07-31 06:00:04 | Deep Dive |
| CVE-2024-6703 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.9 | 2024-07-27 12:30:06 | Deep Dive |
| CVE-2024-6518 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-07-27 11:37:32 | Deep Dive |
| CVE-2024-6520 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-07-27 11:37:29 | Deep Dive |
| CVE-2024-6521 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-07-27 11:13:39 | Deep Dive |
| CVE-2024-38773 | WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability | Adrian Tobey | FormLift for Infusionsoft Web Forms | Critical | 9.3 | 2024-07-22 10:07:54 | Deep Dive |
| CVE-2024-6243 | HTML Forms < 1.3.33 - Admin+ Stored XSS | Unknown | HTML Forms | - | - | 2024-07-22 06:00:06 | Deep Dive |
| CVE-2024-37512 | WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.5.10 - Cross Site Scripting (XSS) vulnerability | Basix | NEX-Forms – Ultimate Form Builder | Medium | 6.5 | 2024-07-21 07:17:59 | Deep Dive |
| CVE-2024-5325 | Form Vibes <= 1.4.10 - Authenticated (Subscriber+) SQL Injection via fv_export_data | wpvibes | Form Vibes – Database Manager for Forms | High | 8.8 | 2024-07-12 12:47:02 | Deep Dive |
| CVE-2024-6550 | Gravity Forms: Multiple Form Instances <= 1.1.1 - Unauthenticated Full Path Disclosure | tyxla | Gravity Forms: Multiple Form Instances | Medium | 5.3 | 2024-07-10 03:32:35 | Deep Dive |
| CVE-2024-37934 | WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability | Saturday Drive | Ninja Forms | Medium | 5.4 | 2024-07-09 12:22:20 | Deep Dive |