| CVE-2024-56276 | WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability | Syed Balkhi | Contact Form by WPForms | Medium | 4.3 | 2025-01-07 10:49:25 | Deep Dive |
| CVE-2024-56293 | WordPress AFI – The Easiest Integration Plugin <= 1.95.0 - Cross Site Scripting (XSS) vulnerability | Nasir Ahmed | Advanced Form Integration | Medium | 5.9 | 2025-01-07 10:49:12 | Deep Dive |
| CVE-2025-22351 | WordPress Contact Form 7 Database – CFDB7 plugin <= 1.0.0 - SQL Injection vulnerability | penguinarts | Contact Form 7 Database – CFDB7 | High | 7.6 | 2025-01-07 10:48:40 | Deep Dive |
| CVE-2024-12624 | Sina Extension for Elementor <= 3.5.91 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Sina Image Differ | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2025-01-07 06:40:57 | Deep Dive |
| CVE-2024-10562 | Form Maker by 10Web < 1.15.31 - Admin+ Stored XSS | Unknown | Form Maker by 10Web | 中危 | - | 2025-01-07 06:00:03 | Deep Dive |
| CVE-2024-12419 | Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting | tobias_conrad | WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms | Medium | 6.5 | 2025-01-07 03:21:56 | Deep Dive |
| CVE-2024-11934 | Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | formaloo | Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce | Medium | 6.4 | 2025-01-07 03:21:55 | Deep Dive |
| CVE-2023-47693 | WordPress Ultimate Addons for Contact Form 7 plugin <= 3.2.6 - Broken Access Control vulnerability | Themefic | Ultimate Addons for Contact Form 7 | 中危 | - | 2025-01-02 12:00:39 | Deep Dive |
| CVE-2023-46206 | WordPress MW WP Form plugin <= 4.4.5 - Broken Access Control vulnerability | Webの相談所 | MW WP Form | 中危 | - | 2025-01-02 12:00:17 | Deep Dive |
| CVE-2023-46080 | WordPress ApplyOnline – Application Form Builder and Manager plugin <= 2.5.3 - Broken Access Control vulnerability | Farhan Noor | ApplyOnline – Application Form Builder and Manager | Medium | 4.3 | 2025-01-02 11:59:58 | Deep Dive |
| CVE-2024-56002 | WordPress Contact Form, Survey & Form Builder – MightyForms plugin <= 1.3.9 - Broken Access Control vulnerability | mightyforms | Contact Form, Survey & Form Builder – MightyForms | Medium | 6.4 | 2024-12-31 13:50:18 | Deep Dive |
| CVE-2024-56215 | WordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerability | DBAR Productions | Member Directory and Contact Form | Medium | 4.3 | 2024-12-31 10:17:30 | Deep Dive |
| CVE-2024-56218 | WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability | sevenspark | Contact Form 7 – Dynamic Text Extension | Medium | 4.3 | 2024-12-31 10:12:52 | Deep Dive |
| CVE-2024-12238 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.3 | 2024-12-29 05:22:54 | Deep Dive |
| CVE-2024-10862 | NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 4.9 | 2024-12-25 06:42:14 | Deep Dive |
| CVE-2024-12428 | WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection | peterschulznl | WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | High | 7.5 | 2024-12-25 04:22:04 | Deep Dive |
| CVE-2024-12190 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 4.3 | 2024-12-25 03:21:32 | Deep Dive |
| CVE-2024-12250 | Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure | zealopensource | Accept Authorize.NET Payments Using Contact Form 7 | Medium | 5.3 | 2024-12-18 03:22:07 | Deep Dive |
| CVE-2024-12601 | Calculated Fields Form <= 5.2.63 - Denial of Service | codepeople | Calculated Fields Form | Medium | 5.3 | 2024-12-17 11:10:18 | Deep Dive |
| CVE-2024-55990 | WordPress Mollie for Contact Form 7 plugin <= 5.0.0 - SQL Injection vulnerability | tsjippy | Mollie for Contact Form 7 | High | 7.6 | 2024-12-16 14:13:38 | Deep Dive |