| CVE-2024-29110 | WordPress Tablesome plugin <= 1.0.27 - Cross Site Scripting (XSS) vulnerability | Pauple | Table & Contact Form 7 Database – Tablesome | High | 7.1 | 2024-03-19 15:07:41 | Deep Dive |
| CVE-2024-29130 | WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability | Scott Paterson | Contact Form 7 – PayPal & Stripe Add-on | High | 7.1 | 2024-03-19 13:55:18 | Deep Dive |
| CVE-2024-27961 | WordPress AntiSpam for Contact Form 7 plugin <= 0.6.0 - Reflected Cross Site Scripting (XSS) vulnerability | Codekraft | AntiSpam for Contact Form 7 | High | 7.1 | 2024-03-17 16:33:28 | Deep Dive |
| CVE-2024-2242 | Contact Form 7 <= 5.9 - Reflected Cross-Site Scripting | rocklobsterinc | Contact Form 7 | Medium | 6.1 | 2024-03-13 21:32:56 | Deep Dive |
| CVE-2023-6957 | Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.9 | 2024-03-13 15:27:25 | Deep Dive |
| CVE-2024-2030 | Database for Contact Form 7, WPforms, Elementor forms <= 1.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Medium | 6.4 | 2024-03-13 15:27:14 | Deep Dive |
| CVE-2024-1640 | Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 5.3 | 2024-03-13 15:26:47 | Deep Dive |
| CVE-2024-1585 | Metform Elementor Contact Form Builder <= 3.8.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.4 | 2024-03-13 15:26:42 | Deep Dive |
| CVE-2024-0386 | weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer | boldgrid | weForms – Easy Drag & Drop Contact Form Builder For WordPress | High | 7.2 | 2024-03-12 21:34:34 | Deep Dive |
| CVE-2024-1719 | Easy PayPal & Stripe Buy Now Button <= 1.8.3 & Contact Form 7 – PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery to Settings Update | scottpaterson | Easy PayPal & Stripe Buy Now Button | Medium | 4.3 | 2024-02-28 09:33:35 | Deep Dive |
| CVE-2024-1778 | Admin side data storage for Contact Form 7 <= 1.1.1 - Missing Authorization to Unauthenticated Bookmark Status Alteration | zestardtechnologies | Admin side data storage for Contact Form 7 | Medium | 4.3 | 2024-02-23 06:48:19 | Deep Dive |
| CVE-2024-1776 | Admin side data storage for Contact Form 7 <= 1.1.1 - Authenticated (Admin+) SQL Injection | zestardtechnologies | Admin side data storage for Contact Form 7 | High | 7.2 | 2024-02-23 06:48:18 | Deep Dive |
| CVE-2024-1777 | Admin side data storage for Contact Form 7 <= 1.1.1 - Cross-Site Request Forgery | zestardtechnologies | Admin side data storage for Contact Form 7 | Medium | 4.3 | 2024-02-23 06:48:18 | Deep Dive |
| CVE-2024-1779 | Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update | zestardtechnologies | Admin side data storage for Contact Form 7 | Medium | 5.3 | 2024-02-23 06:48:17 | Deep Dive |
| CVE-2024-1218 | Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | Medium | 4.3 | 2024-02-20 18:56:50 | Deep Dive |
| CVE-2024-1217 | Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin Deactivation | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | High | 7.6 | 2024-02-20 18:56:35 | Deep Dive |
| CVE-2024-24884 | WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) | ARI Soft | Contact Form 7 Connector | Medium | 4.3 | 2024-02-12 08:46:55 | Deep Dive |
| CVE-2024-24887 | WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) | Contest Gallery | Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress | Medium | 5.4 | 2024-02-12 08:43:27 | Deep Dive |
| CVE-2024-24929 | WordPress WP Contact Form Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) | Ryan Duff, Peter Westwood | WP Contact Form | Medium | 4.3 | 2024-02-12 08:39:27 | Deep Dive |
| CVE-2023-6953 | PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting | wpmanageninja | Fluent PDF Generator | Medium | 4.9 | 2024-02-05 21:21:59 | Deep Dive |