| CVE-2025-0469 | Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2025-02-27 04:21:44 | Deep Dive |
| CVE-2025-1517 | Sina Extension for Elementor <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2025-02-26 08:21:57 | Deep Dive |
| CVE-2025-26962 | WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability | GhozyLab | Easy Contact Form Lite | Medium | 6.5 | 2025-02-25 14:17:57 | Deep Dive |
| CVE-2025-1128 | Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Critical | 9.8 | 2025-02-25 06:58:31 | Deep Dive |
| CVE-2025-27304 | WordPress Contact Form 7 Star Rating with font Awesome plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | themelogger | Contact Form 7 Star Rating with font Awesome | Medium | 5.9 | 2025-02-24 14:48:55 | Deep Dive |
| CVE-2025-27303 | WordPress Contact Form 7 Star Rating plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability | themelogger | Contact Form 7 Star Rating | Medium | 5.9 | 2025-02-24 14:48:54 | Deep Dive |
| CVE-2024-13605 | Form Maker by 10Web < 1.15.33 - Admin+ Stored XSS | Unknown | Form Maker by 10Web | Medium | - | 2025-02-24 06:00:04 | Deep Dive |
| CVE-2024-12038 | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-02-22 04:21:17 | Deep Dive |
| CVE-2024-13818 | Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction <= 3.8.4 - Sensitive Information Exposure via Log Files | genetechproducts | Pie Register – User Registration, Profiles & Content Restriction | Medium | 5.3 | 2025-02-21 03:21:21 | Deep Dive |
| CVE-2025-1064 | Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode | xootix | Login & Register Customizer – Popup \| Slider \| Inline \| WooCommerce | Medium | 6.4 | 2025-02-20 08:22:07 | Deep Dive |
| CVE-2024-11778 | CanadaHelps Embedded Donation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | canadahelps | CanadaHelps Embedded Donation Form | Medium | 6.4 | 2025-02-19 07:32:12 | Deep Dive |
| CVE-2024-11582 | Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter | wedevs | Subscribe2 – Form, Email Subscribers & Newsletters | High | 7.2 | 2025-02-19 03:21:12 | Deep Dive |
| CVE-2024-13573 | Zigaform – Form Builder Lite <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | softdiscover | Zigaform – Form Builder Lite | Medium | 6.4 | 2025-02-18 04:21:18 | Deep Dive |
| CVE-2024-13595 | Simple Signup Form <= 1.6.5 - Authenticated (Contributor+) SQL Injection | pantherius | Simple Signup Form | Medium | 6.5 | 2025-02-18 04:21:13 | Deep Dive |
| CVE-2024-13587 | Zigaform – Price Calculator & Cost Estimation Form Builder Lite <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | softdiscover | Zigaform – Price Calculator & Cost Estimation Form Builder Lite | Medium | 6.4 | 2025-02-18 04:21:10 | Deep Dive |
| CVE-2025-24564 | WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability | aviplugins.com | Contact Form With Shortcode | High | 7.1 | 2025-02-14 12:44:34 | Deep Dive |
| CVE-2025-23658 | WordPress Advanced Angular Contact Form plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Tauhidul Alam | Advanced Angular Contact Form | High | 7.1 | 2025-02-14 12:44:31 | Deep Dive |
| CVE-2025-23653 | WordPress Form To Online Booking plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Nabeel Tahir | Form To Online Booking | High | 7.1 | 2025-02-14 12:44:31 | Deep Dive |
| CVE-2025-23655 | WordPress Contact Form 7 – Paystack Add-on plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability | crystalwebpro | Contact Form 7 – Paystack Add-on | High | 7.1 | 2025-02-14 12:44:31 | Deep Dive |
| CVE-2024-13121 | Paid Membership Plugin < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2025-02-13 06:00:12 | Deep Dive |