| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-5383 | Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:35 | Deep Dive |
| CVE-2023-5387 | Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:35 | Deep Dive |
| CVE-2023-5416 | Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:32 | Deep Dive |
| CVE-2023-5411 | Funnelforms Free <= 3.4 - Missing Authorization to Post Modification | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:30 | Deep Dive |
| CVE-2023-5382 | Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Deletion | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 6.5 | 2023-11-22 15:33:28 | Deep Dive |
| CVE-2023-5415 | Funnelforms Free <= 3.4 - Missing Authorization to New Category Creation | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:27 | Deep Dive |
| CVE-2023-5419 | Funnelforms Free <= 3.4 - Missing Authorization to Test Email Sending | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:25 | Deep Dive |
| CVE-2023-5386 | Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 6.5 | 2023-11-22 15:33:23 | Deep Dive |
| CVE-2023-5822 | Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 8.1 | 2023-11-22 15:33:21 | Deep Dive |
| CVE-2023-5417 | Funnelforms Free <= 3.4 - Missing Authorization to Category Update | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:20 | Deep Dive |
| CVE-2023-6133 | Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.6 | 2023-11-15 06:40:46 | Deep Dive |
| CVE-2023-5741 | POWR <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | powr | Custom Form Builder, Contact Forms, Payment Forms, Surveys, Polls | Medium | 6.4 | 2023-11-13 07:31:16 | Deep Dive |
| CVE-2023-23796 | WordPress Form Builder Plugin <= 1.9.9.0 is vulnerable to CSV Injection | Muneeb | Form Builder | Create Responsive Contact Forms | 超危 | - | 2023-11-07 16:01:38 | Deep Dive |
| CVE-2023-5530 | Ninja Forms < 3.6.34 - Admin+ Stored XSS | Unknown | Ninja Forms Contact Form | 中危 | - | 2023-11-06 20:41:41 | Deep Dive |
| CVE-2023-46824 | WordPress Slick Popup Plugin <= 1.7.14 is vulnerable to Cross Site Scripting (XSS) | Om Ak Solutions | Slick Popup: Contact Form 7 Popup Plugin | 中危 | - | 2023-11-06 09:43:43 | Deep Dive |
| CVE-2023-35911 | WordPress Contact Form Generator Plugin <= 2.6.0 is vulnerable to SQL Injection | Creative Solutions | Contact Form Generator : Creative form builder for WordPress | 超危 | - | 2023-11-06 08:44:51 | Deep Dive |
| CVE-2023-40609 | WordPress Contact form 7 Custom validation Plugin <= 1.1.3 is vulnerable to SQL Injection | Aiyaz, maheshpatel | Contact form 7 Custom validation | 超危 | - | 2023-11-06 08:15:24 | Deep Dive |
| CVE-2023-35910 | WordPress Quasar form Plugin <= 6.0 is vulnerable to SQL Injection | Nucleus_genius | Quasar form free – Contact Form Builder for WordPress | 高危 | - | 2023-11-03 23:11:33 | Deep Dive |
| CVE-2023-32741 | WordPress Contact Form to Any API Plugin <= 1.1.2 is vulnerable to SQL Injection | IT Path Solutions PVT LTD | Contact Form to Any API | 高危 | - | 2023-11-03 23:04:23 | Deep Dive |
| CVE-2023-24410 | WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection | Contact Form - WPManageNinja LLC | Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms | 超危 | - | 2023-10-31 14:25:56 | Deep Dive |