| CVE-2023-36508 | WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection | BestWebSoft | Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | 超危 | - | 2023-10-31 14:23:21 | Deep Dive |
| CVE-2023-31212 | WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection | CRM Perks | Database for Contact Form 7, WPforms, Elementor forms | 超危 | - | 2023-10-31 14:04:44 | Deep Dive |
| CVE-2023-46075 | WordPress Contact Form Builder, Contact Widget Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) | wpdevart | Contact Form Builder, Contact Widget | High | 7.1 | 2023-10-26 12:02:17 | Deep Dive |
| CVE-2023-5337 | Contact form Form For All <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | formforall | Contact form Form For All – Easy to use, fast, 37 languages. | Medium | 6.4 | 2023-10-20 07:29:27 | Deep Dive |
| CVE-2023-4961 | Poptin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | poptin | Poptin – Exit Pop Ups & Email Popups | Medium | 6.4 | 2023-10-20 07:29:22 | Deep Dive |
| CVE-2023-45071 | WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS) | 10Web Form Builder Team | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | High | 7.1 | 2023-10-18 12:38:56 | Deep Dive |
| CVE-2023-45070 | WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS) | 10Web Form Builder Team | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | High | 7.1 | 2023-10-18 12:34:30 | Deep Dive |
| CVE-2023-4950 | Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting | Unknown | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor | 中危 | - | 2023-10-16 19:38:58 | Deep Dive |
| CVE-2023-45068 | WordPress Contact Form by Supsystic Plugin <= 1.7.27 is vulnerable to Cross Site Request Forgery (CSRF) | Supsystic | Contact Form by Supsystic | Medium | 5.4 | 2023-10-12 12:44:37 | Deep Dive |
| CVE-2023-44231 | WordPress Contact Form Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) | NickDuncan | Contact Form | Medium | 4.3 | 2023-10-09 08:40:46 | Deep Dive |
| CVE-2023-44230 | WordPress Popup contact form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS) | Gopi Ramasamy | Popup contact form | Medium | 5.9 | 2023-10-02 10:17:58 | Deep Dive |
| CVE-2023-44265 | WordPress Popup contact form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS) | Gopi Ramasamy | Popup contact form | Medium | 5.9 | 2023-10-02 10:14:32 | Deep Dive |
| CVE-2023-44245 | WordPress Contractor Contact Form Website to Workflow Tool Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS) | Leap | Contractor Contact Form Website to Workflow Tool | High | 7.1 | 2023-10-02 09:58:45 | Deep Dive |
| CVE-2023-30493 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) | Themefic | Ultimate Addons for Contact Form 7 | High | 7.1 | 2023-09-27 10:54:37 | Deep Dive |
| CVE-2023-5125 | Contact Form by FormGet <= 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | pankajagarwal | Contact Form by FormGet – Best Form Builder Plugin for WordPress | Medium | 6.4 | 2023-09-23 04:29:41 | Deep Dive |
| CVE-2023-0689 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-08-31 05:33:06 | Deep Dive |
| CVE-2023-4109 | Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection | Unknown | Ninja Forms Contact Form | 中危 | - | 2023-08-30 14:22:02 | Deep Dive |
| CVE-2023-4596 | Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Critical | 9.8 | 2023-08-30 01:45:37 | Deep Dive |
| CVE-2023-2802 | Ultimate Addons for Contact Form 7 < 3.1.29 - Admin+ Stored XSS | Unknown | Ultimate Addons for Contact Form 7 | 中危 | - | 2023-08-14 19:10:20 | Deep Dive |
| CVE-2023-2803 | Ultimate Addons for Contact Form 7 < 3.1.29 - Reflected XSS | Unknown | Ultimate Addons for Contact Form 7 | 中危 | - | 2023-08-14 19:10:17 | Deep Dive |