| CVE-2024-13120 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13119 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2025-02-13 06:00:06 | Deep Dive |
| CVE-2025-25128 | WordPress Facilita Form Tracker plugin <= 1.0 - CSRF to Stored XSS vulnerability | orlandolac | Facilita Form Tracker | High | 7.1 | 2025-02-07 10:11:47 | Deep Dive |
| CVE-2024-13829 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | 5.3 | 2025-02-05 05:22:32 | Deep Dive |
| CVE-2024-13403 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 6.4 | 2025-02-04 08:21:07 | Deep Dive |
| CVE-2024-12037 | Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-01-31 11:11:11 | Deep Dive |
| CVE-2024-12267 | Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Medium | 5.3 | 2025-01-31 11:11:09 | Deep Dive |
| CVE-2024-13504 | Shared Files – Frontend File Upload Form & Secure File Sharing <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload | anssilaitila | Shared Files – Frontend File Upload Form & Secure File Sharing | High | 7.2 | 2025-01-31 05:22:35 | Deep Dive |
| CVE-2024-13717 | Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle | vcita | Contact Form and Calls To Action by vcita | Medium | 4.3 | 2025-01-31 05:22:34 | Deep Dive |
| CVE-2024-11886 | Contact Form and Calls To Action by vcita <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | vcita | Contact Form and Calls To Action by vcita | Medium | 6.4 | 2025-01-31 05:22:34 | Deep Dive |
| CVE-2025-0470 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.1 | 2025-01-31 03:21:29 | Deep Dive |
| CVE-2024-13453 | Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution | smub | Contact Form & SMTP Plugin for WordPress by PirateForms | High | 7.3 | 2025-01-30 11:10:20 | Deep Dive |
| CVE-2024-13758 | CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery | codepeople | CP Contact Form with PayPal | Medium | 6.5 | 2025-01-30 08:21:26 | Deep Dive |
| CVE-2024-13470 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.4 | 2025-01-30 07:23:05 | Deep Dive |
| CVE-2024-12749 | Competition Form <= 2.0 - Reflected XSS | Unknown | Competition Form | Medium | - | 2025-01-29 06:00:08 | Deep Dive |
| CVE-2024-13509 | WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting | westguard | WS Form LITE – Drag & Drop Contact Form Builder | High | 7.2 | 2025-01-28 06:38:42 | Deep Dive |
| CVE-2025-24708 | WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | CRM Perks | WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | High | 7.1 | 2025-01-27 14:22:18 | Deep Dive |
| CVE-2024-13450 | Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Low | 3.8 | 2025-01-25 08:23:16 | Deep Dive |
| CVE-2025-24726 | WordPress Contact Form 7 Widget plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability | HT Plugins | HT Contact Form 7 | Medium | 6.5 | 2025-01-24 17:25:17 | Deep Dive |
| CVE-2025-24723 | WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability | codepeople | Booking Calendar Contact Form | Medium | 5.9 | 2025-01-24 17:25:13 | Deep Dive |