| CVE-2024-2258 | Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 4.4 | 2024-04-27 03:33:35 | Deep Dive |
| CVE-2024-33677 | WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.5.70 - Cross Site Request Forgery (CSRF) vulnerability | Renzo Johnson | Contact Form 7 Extension For Mailchimp | Medium | 4.3 | 2024-04-26 10:43:47 | Deep Dive |
| CVE-2023-36505 | WordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion | Saturday Drive | Ninja Forms Contact Form | Medium | 6.8 | 2024-04-17 09:09:33 | Deep Dive |
| CVE-2024-31388 | WordPress Tablesome plugin <= 1.0.25 - Cross Site Request Forgery (CSRF) vulnerability | Pauple | Table & Contact Form 7 Database – Tablesome | Medium | 4.3 | 2024-04-15 10:11:48 | Deep Dive |
| CVE-2024-32147 | WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability | Form Plugin Team - GhozyLab | Easy Contact Form Lite | Medium | 6.5 | 2024-04-15 06:32:09 | Deep Dive |
| CVE-2024-31302 | WordPress Contact Form Email plugin <= 1.3.44 - Sensitive Data Exposure vulnerability | CodePeople | Contact Form Email | Medium | 5.3 | 2024-04-10 15:32:41 | Deep Dive |
| CVE-2024-2198 | Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address | bestwebsoft | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | Medium | 6.1 | 2024-04-09 18:58:51 | Deep Dive |
| CVE-2024-2112 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 5.9 | 2024-04-09 18:58:50 | Deep Dive |
| CVE-2024-1794 | Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 7.2 | 2024-04-09 18:58:39 | Deep Dive |
| CVE-2024-2200 | Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject | bestwebsoft | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | Medium | 6.1 | 2024-04-09 18:58:39 | Deep Dive |
| CVE-2024-3053 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2024-04-09 18:58:35 | Deep Dive |
| CVE-2024-2791 | Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.4 | 2024-04-02 05:32:49 | Deep Dive |
| CVE-2024-31110 | WordPress Contact Form 7 Newsletter plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability | Katz Web Services, Inc. | Contact Form 7 Newsletter | High | 7.1 | 2024-03-31 18:57:53 | Deep Dive |
| CVE-2024-2108 | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Authenticated (Author+) Stored Cross-Site Scripting | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.6 | 2024-03-29 06:44:01 | Deep Dive |
| CVE-2024-2113 | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission Export | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2024-03-29 06:43:58 | Deep Dive |
| CVE-2024-30242 | WordPress Contact Form to Any API plugin <= 1.1.8 - Auth. SQL Injection vulnerability | IT Path Solutions | Contact Form to Any API | High | 8.5 | 2024-03-28 04:35:10 | Deep Dive |
| CVE-2023-52214 | WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.3 - Broken Access Control vulnerability | voidCoders | Void Contact Form 7 Widget For Elementor Page Builder | Medium | 4.3 | 2024-03-26 12:37:57 | Deep Dive |
| CVE-2023-45771 | WordPress Contact Form With Captcha plugin <= 1.6.8 - Reflected Cross Site Scripting (XSS) vulnerability | Contact Form With Captcha | Contact Form With Captcha | High | 7.1 | 2024-03-26 08:27:56 | Deep Dive |
| CVE-2024-2387 | Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms <= 1.82.0 - SQL Injection to Reflected Cross-Site Scripting via integration_id | nasirahmed | AFI – The Easiest Integration Plugin | Medium | 6.1 | 2024-03-20 01:57:56 | Deep Dive |
| CVE-2024-29103 | WordPress Database for Contact Form 7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability | NinjaTeam | Database for Contact Form 7 | High | 7.1 | 2024-03-19 15:43:40 | Deep Dive |