| CVE-2023-25035 | WordPress Quick Contact Form plugin <= 8.0.3.1 - Broken Access Control vulnerability | Fullworks | Quick Contact Form | Medium | 6.5 | 2024-12-09 11:31:38 | Deep Dive |
| CVE-2023-25037 | WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability | CodePeople | Booking Calendar Contact Form | Medium | 4.3 | 2024-12-09 11:31:38 | Deep Dive |
| CVE-2023-47830 | WordPress Live Preview for Contact Form 7 plugin <= 1.2.0 - Broken Access Control vulnerability | Addons for Contact Form 7 | Live Preview for Contact Form 7 | Medium | 5.4 | 2024-12-09 11:30:40 | Deep Dive |
| CVE-2023-47838 | WordPress Conditional Fields for Contact Form 7 plugin <= 2.4.1 - Broken Access Control vulnerability | Jules Colle | Conditional Fields for Contact Form 7 | 中危 | - | 2024-12-09 11:30:37 | Deep Dive |
| CVE-2023-47871 | WordPress Contact Form to Any API plugin <= 1.1.6 - Broken Access Control vulnerability | IT Path Solutions | Contact Form to Any API | Medium | 4.3 | 2024-12-09 11:30:33 | Deep Dive |
| CVE-2024-12165 | Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting | tsjippy | Mollie for Contact Form 7 | Medium | 6.1 | 2024-12-07 01:45:52 | Deep Dive |
| CVE-2024-12026 | Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation | kofimokome | Message Filter for Contact Form 7 | Medium | 4.3 | 2024-12-07 01:45:50 | Deep Dive |
| CVE-2024-12027 | Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions | kofimokome | Message Filter for Contact Form 7 | Medium | 4.3 | 2024-12-06 08:24:53 | Deep Dive |
| CVE-2024-10056 | Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode | eyale-vc | Contact Form Builder by vcita | Medium | 6.4 | 2024-12-05 09:23:07 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-11897 | Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | mightyforms | Contact Form, Survey & Form Builder – MightyForms | Medium | 6.4 | 2024-12-04 02:40:27 | Deep Dive |
| CVE-2024-10587 | Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | High | 8.8 | 2024-12-04 02:40:25 | Deep Dive |
| CVE-2024-11461 | Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting | taunoh | Form Data Collector | Medium | 6.1 | 2024-12-03 07:34:59 | Deep Dive |
| CVE-2024-11083 | ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.3 | 2024-11-27 05:31:54 | Deep Dive |
| CVE-2024-11034 | Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form | wpbean | Request a Quote for WooCommerce – Get a Quote Button | High | 7.3 | 2024-11-23 11:23:16 | Deep Dive |
| CVE-2024-11188 | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 6.1 | 2024-11-23 05:40:11 | Deep Dive |
| CVE-2024-11332 | HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | hipaatizer | HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents | Medium | 6.4 | 2024-11-23 04:32:21 | Deep Dive |
| CVE-2024-10898 | Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion | krishaweb | Email addon for CF7 | High | 8.8 | 2024-11-21 02:06:46 | Deep Dive |
| CVE-2024-51923 | WordPress Websand Subscription Form plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | Websand | Websand Subscription Form | Medium | 6.5 | 2024-11-19 16:30:57 | Deep Dive |
| CVE-2024-11038 | WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup <= 1.7.5 - Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_form | wpbean | WPB Popup for Contact Form 7 – Showing Contact Form 7 Popup on Button Click | High | 7.3 | 2024-11-19 11:02:29 | Deep Dive |