| CVE-2023-52120 | WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF) | Basix | NEX-Forms – Ultimate Form Builder – Contact forms and much more | Medium | 5.4 | 2024-01-05 09:25:37 | Deep Dive |
| CVE-2023-50896 | WordPress weForms Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS) | weForms | weForms – Easy Drag & Drop Contact Form Builder For WordPress | Medium | 5.9 | 2023-12-29 11:09:16 | Deep Dive |
| CVE-2023-31095 | WordPress Integration for Contact Form 7 HubSpot Plugin <= 1.2.8 is vulnerable to Open Redirection | CRM Perks | Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.7 | 2023-12-29 09:50:01 | Deep Dive |
| CVE-2023-50838 | WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection | Basix | NEX-Forms – Ultimate Form Builder – Contact forms and much more | High | 7.6 | 2023-12-28 20:04:59 | Deep Dive |
| CVE-2023-50853 | WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.75.0 is vulnerable to SQL Injection | Nasirahmed | Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms | High | 7.6 | 2023-12-28 11:25:44 | Deep Dive |
| CVE-2023-50830 | WordPress Seos Contact Form Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS) | Seosbg | Seos Contact Form | Medium | 5.9 | 2023-12-21 17:15:04 | Deep Dive |
| CVE-2023-29096 | WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.0 is vulnerable to SQL Injection | BestWebSoft | Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | High | 8.5 | 2023-12-20 17:16:06 | Deep Dive |
| CVE-2023-30495 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection | Themefic | Ultimate Addons for Contact Form 7 | High | 8.5 | 2023-12-20 17:09:25 | Deep Dive |
| CVE-2023-37982 | WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection | CRM Perks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.7 | 2023-12-19 20:07:31 | Deep Dive |
| CVE-2023-5005 | Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Store Cross-Site Scripting | Unknown | Autocomplete Location field Contact Form 7 | - | - | 2023-12-18 20:07:55 | Deep Dive |
| CVE-2023-49188 | WordPress Track Geolocation Of Users Using Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) | ZealousWeb | Track Geolocation Of Users Using Contact Form 7 | Medium | 5.9 | 2023-12-15 15:05:28 | Deep Dive |
| CVE-2023-49766 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) | Themefic | Ultimate Addons for Contact Form 7 | High | 7.1 | 2023-12-14 15:42:37 | Deep Dive |
| CVE-2023-5955 | Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting | Unknown | Contact Form Email | - | - | 2023-12-11 19:30:27 | Deep Dive |
| CVE-2023-47779 | WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection | CRM Perks | Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.7 | 2023-12-07 12:11:33 | Deep Dive |
| CVE-2023-35909 | WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Denial of Service Attack | Saturday Drive | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress | Medium | 5.3 | 2023-12-07 11:15:27 | Deep Dive |
| CVE-2023-5141 | BSK Contact Form 7 Blacklist <= 1.0.1 - Reflected Cross-Site Scripting | Unknown | BSK Contact Form 7 Blacklist | - | - | 2023-12-04 21:29:50 | Deep Dive |
| CVE-2023-5990 | Funnelforms Free < 3.4.2 - Form Deletion/Duplication via CSRF | Unknown | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor | - | - | 2023-12-04 21:29:11 | Deep Dive |
| CVE-2023-6449 | Contact Form 7 <= 5.8.3 - Authenticated (Editor+) Arbitrary File Upload | rocklobsterinc | Contact Form 7 | Medium | 6.6 | 2023-12-01 11:00:06 | Deep Dive |
| CVE-2023-45609 | WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS) | POWR.io | Contact Form – Custom Builder, Payment Form, and More | Medium | 6.5 | 2023-11-30 15:52:28 | Deep Dive |
| CVE-2023-5385 | Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Duplication | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:37 | Deep Dive |