| CVE-2024-0907 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records() | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 5.3 | 2024-02-01 04:31:54 | Deep Dive |
| CVE-2024-22305 | WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR) | ali Forms | Contact Form builder with drag & drop for WordPress – Kali Forms | High | 7.5 | 2024-01-31 11:49:29 | Deep Dive |
| CVE-2024-1069 | Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload | crmperks | Database for Contact Form 7, WPforms, Elementor forms | High | 7.2 | 2024-01-31 02:35:10 | Deep Dive |
| CVE-2024-0618 | Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-01-27 05:38:22 | Deep Dive |
| CVE-2023-1405 | Formidable Forms < 6.2 - Unauthenticated PHP Object Injection | Unknown | Formidable Forms | 高危 | - | 2024-01-16 15:56:19 | Deep Dive |
| CVE-2022-0402 | Superforms < 6.0.4 - Reflected Cross-Site Scripting | Unknown | Super Forms - Drag & Drop Form Builder | 中危 | - | 2024-01-16 15:51:01 | Deep Dive |
| CVE-2023-4925 | Easy Forms for Mailchimp <= 6.8.10 - Admin+ Stored Cross-Site Scripting | Unknown | Easy Forms for Mailchimp | 高危 | - | 2024-01-15 15:10:44 | Deep Dive |
| CVE-2023-6941 | Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS | Unknown | Keap Official Opt-in Forms | 中危 | - | 2024-01-15 15:10:39 | Deep Dive |
| CVE-2024-22137 | WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.11 is vulnerable to Cross Site Scripting (XSS) | MailMunch | Constant Contact Forms by MailMunch | Medium | 6.5 | 2024-01-12 23:20:31 | Deep Dive |
| CVE-2023-6504 | Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 4.3 | 2024-01-11 08:33:09 | Deep Dive |
| CVE-2023-6220 | Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload | piotnetdotcom | Piotnet Forms | High | 8.1 | 2024-01-11 08:32:51 | Deep Dive |
| CVE-2023-6830 | Formidable Forms <= 6.7 - HTML Injection | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 6.5 | 2024-01-09 06:41:01 | Deep Dive |
| CVE-2023-6842 | Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 4.4 | 2024-01-09 06:41:00 | Deep Dive |
| CVE-2023-52208 | WordPress Constant Contact Forms Plugin <= 2.4.2 is vulnerable to Sensitive Data Exposure | Constant Contact | Constant Contact Forms | Medium | 5.3 | 2024-01-08 18:57:40 | Deep Dive |
| CVE-2023-52120 | WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF) | Basix | NEX-Forms – Ultimate Form Builder – Contact forms and much more | Medium | 5.4 | 2024-01-05 09:25:37 | Deep Dive |
| CVE-2023-51412 | WordPress Piotnet Forms Plugin <= 1.0.25 is vulnerable to Arbitrary File Upload | Piotnet | Piotnet Forms | Critical | 9.0 | 2023-12-29 13:47:39 | Deep Dive |
| CVE-2023-51358 | WordPress Block IPs for Gravity Forms Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) | Bright Plugins | Block IPs for Gravity Forms | Medium | 5.4 | 2023-12-29 12:11:08 | Deep Dive |
| CVE-2023-50891 | WordPress Zoho Forms Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS) | Zoho Forms | Form plugin for WordPress – Zoho Forms | Medium | 6.5 | 2023-12-29 11:19:02 | Deep Dive |
| CVE-2023-31095 | WordPress Integration for Contact Form 7 HubSpot Plugin <= 1.2.8 is vulnerable to Open Redirection | CRM Perks | Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.7 | 2023-12-29 09:50:01 | Deep Dive |
| CVE-2023-50838 | WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection | Basix | NEX-Forms – Ultimate Form Builder – Contact forms and much more | High | 7.6 | 2023-12-28 20:04:59 | Deep Dive |