| CVE-2024-6628 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Cross-Site Request Forgery | cscode | EleForms – All In One Form Integration including DB for Elementor | Medium | 4.3 | 2024-11-16 03:20:51 | Deep Dive |
| CVE-2024-10884 | SimpleForm Contact Form Submissions <= 2.1.0 - Reflected Cross-Site Scripting | simpleform | SimpleForm Contact Form Submissions | Medium | 6.1 | 2024-11-16 03:20:41 | Deep Dive |
| CVE-2024-10883 | SimpleForm – Contact form made simple <= 2.2.0 - Reflected Cross-Site Scripting | simpleform | SimpleForm – Contact form made simple | Medium | 6.1 | 2024-11-16 03:20:40 | Deep Dive |
| CVE-2024-10861 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update | ays-pro | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | Medium | 5.3 | 2024-11-16 02:02:32 | Deep Dive |
| CVE-2024-10260 | Tripetto <= 8.0.11 - Unauthentiated Stored Cross-Site Scripting via Form File Upload | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | High | 7.2 | 2024-11-15 05:30:56 | Deep Dive |
| CVE-2024-10593 | WPForms – Easy Form Builder for WordPress <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 4.3 | 2024-11-13 02:33:17 | Deep Dive |
| CVE-2024-8874 | AJAX Login and Registration modal popup + inline form <= 2.24 - Reflected Cross-Site Scripting | kaminskym | AJAX Login and Registration modal popup + inline form | Medium | 6.1 | 2024-11-13 02:02:36 | Deep Dive |
| CVE-2024-10685 | Contact Form 7 Redirect & Thank You Page <= 1.0.6 - Reflected Cross-Site Scripting | scottpaterson | Business Essentials for Contact Form 7 | Medium | 6.1 | 2024-11-12 03:24:59 | Deep Dive |
| CVE-2024-10265 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 6.1 | 2024-11-10 12:30:34 | Deep Dive |
| CVE-2024-10683 | Contact Form 7 - PayPal & Stripe Add-on <= 2.3.1 - Reflected Cross-Site Scripting | scottpaterson | Contact Form 7 – PayPal & Stripe Add-on | Medium | 6.1 | 2024-11-09 06:41:25 | Deep Dive |
| CVE-2024-8756 | Quform - WordPress Form Builder <= 2.20.0 - Unauthenticated Sensitive Information Exposure | ThemeCatcher | Quform - WordPress Form Builder | Medium | 5.3 | 2024-11-09 05:40:23 | Deep Dive |
| CVE-2024-6626 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization | cscode | EleForms – All In One Form Integration including DB for Elementor | Medium | 5.3 | 2024-11-06 06:43:32 | Deep Dive |
| CVE-2024-10647 | WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.9.244 - Reflected Cross-Site Scripting via URL | westguard | WS Form LITE – Drag & Drop Contact Form Builder | Medium | 6.1 | 2024-11-06 02:01:57 | Deep Dive |
| CVE-2024-10084 | Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode | sevenspark | Contact Form 7 – Dynamic Text Extension | Medium | 4.3 | 2024-11-05 21:29:18 | Deep Dive |
| CVE-2024-50523 | WordPress All Post Contact Form plugin <= 1.8.2 - Arbitrary File Upload vulnerability | RainbowLink Inc. | All Post Contact Form | Critical | 10.0 | 2024-11-04 13:46:00 | Deep Dive |
| CVE-2024-50526 | WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability | Lindeni Mahlalela | Multi Purpose Mail Form | Critical | 10.0 | 2024-11-04 13:43:38 | Deep Dive |
| CVE-2024-44019 | WordPress Contact Form 7 Campaign Monitor Extension plugin <= 0.4.67 - Arbitrary File Deletion vulnerability | Renzo Johnson | Contact Form 7 Campaign Monitor Extension | Medium | 5.3 | 2024-11-01 14:17:10 | Deep Dive |
| CVE-2024-9700 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 5.3 | 2024-10-31 05:31:24 | Deep Dive |
| CVE-2024-50428 | WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability | mondula2016 | Multi Step Form | Medium | 4.3 | 2024-10-29 21:10:54 | Deep Dive |
| CVE-2024-50412 | WordPress Conditional Fields for Contact Form 7 plugin <= 2.4.15 - Cross Site Scripting (XSS) vulnerability | Jules Colle | Conditional Fields for Contact Form 7 | Medium | 5.9 | 2024-10-29 08:48:38 | Deep Dive |