| CVE-2024-10646 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | High | 7.2 | 2024-12-14 05:34:14 | Deep Dive |
| CVE-2024-54343 | WordPress Connect Contact Form 7 to Constant Contact plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | thehowarde | Connect Contact Form 7 to Constant Contact | High | 7.1 | 2024-12-13 14:25:41 | Deep Dive |
| CVE-2024-54239 | WordPress Eyewear prescription form plugin <= 4.0.18 - Arbitrary Option Update to Privilege Escalation vulnerability | dugudlabs | Eyewear prescription form | Critical | 9.8 | 2024-12-13 14:24:33 | Deep Dive |
| CVE-2023-41952 | WordPress Fluent Forms plugin <= 5.0.8 - Broken Access Control vulnerability | Contact Form - WPManageNinja LLC | FluentForm | Medium | 5.3 | 2024-12-13 14:24:25 | Deep Dive |
| CVE-2023-41862 | WordPress VS Contact Form plugin <= 14.0 - Sum Captcha Bypass vulnerability | Guido | VS Contact Form | Medium | 5.3 | 2024-12-13 14:24:21 | Deep Dive |
| CVE-2023-39920 | WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability | Themeisle | Redirection for Contact Form 7 | 高危 | - | 2024-12-13 14:23:59 | Deep Dive |
| CVE-2023-32519 | WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability | Webcodin | WCP Contact Form | Medium | 4.3 | 2024-12-13 14:23:23 | Deep Dive |
| CVE-2023-32520 | WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability | Webcodin | WCP Contact Form | High | 7.5 | 2024-12-13 14:23:23 | Deep Dive |
| CVE-2022-45806 | WordPress Formidable Forms plugin <= 5.5.4 - Broken Access Control vulnerability | Strategy11 Form Builder Team | Formidable Forms | Medium | 4.3 | 2024-12-13 14:22:02 | Deep Dive |
| CVE-2024-12201 | Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation | hashthemes | Hash Form – Drag & Drop Form Builder | Medium | 4.3 | 2024-12-12 06:46:34 | Deep Dive |
| CVE-2024-10518 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2024-12-12 06:00:18 | Deep Dive |
| CVE-2024-10517 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2024-12-12 06:00:17 | Deep Dive |
| CVE-2024-11052 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations | kstover | Ninja Forms – The Contact Form Builder That Grows With You | High | 7.2 | 2024-12-12 05:24:24 | Deep Dive |
| CVE-2024-12255 | Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure | zealopensource | Accept Stripe Payments Using Contact Form 7 | Medium | 5.3 | 2024-12-12 05:24:22 | Deep Dive |
| CVE-2024-12258 | WP Service Payment Form With Authorize.net <= 2.6.3 - Reflected Cross-Site Scripting | shivtiwari | WP Service Payment Form With Authorize.net | Medium | 6.1 | 2024-12-12 03:23:11 | Deep Dive |
| CVE-2024-12341 | Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation | mahendrapatidarmp | Custom Skins Contact Form 7 | Medium | 4.3 | 2024-12-12 03:23:05 | Deep Dive |
| CVE-2024-11205 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | High | 8.5 | 2024-12-10 04:23:41 | Deep Dive |
| CVE-2024-54254 | WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Broken Access Control vulnerability | Kofi Mokome | Message Filter for Contact Form 7 | Medium | 6.3 | 2024-12-09 12:42:13 | Deep Dive |
| CVE-2024-54223 | WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability | reputeinfosystems | ARForms Form Builder | Medium | 5.3 | 2024-12-09 11:31:59 | Deep Dive |
| CVE-2023-23895 | WordPress WP Time Slots Booking Form plugin <= 1.1.82 - Broken Access Control vulnerability | CodePeople | WP Time Slots Booking Form | Medium | 4.7 | 2024-12-09 11:31:44 | Deep Dive |