| CVE-2023-3645 | Contact Form Builder by Bit Form < 2.2.0 - Admin+ Stored XSS | Unknown | Contact Form Builder by Bit Form | 中危 | - | 2023-08-14 19:10:17 | Deep Dive |
| CVE-2023-37988 | WordPress Contact Form Generator Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS) | Creative Solutions | Contact Form Generator | High | 7.1 | 2023-08-10 10:39:27 | Deep Dive |
| CVE-2023-37979 | WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS) | Saturday Drive | Ninja Forms Contact Form | High | 7.1 | 2023-07-27 14:08:06 | Deep Dive |
| CVE-2023-3248 | All-in-one Floating Contact Form < 2.1.2 - Admin+ Stored Cross-Site Scripting | Unknown | All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs | 中危 | - | 2023-07-24 10:20:25 | Deep Dive |
| CVE-2023-36384 | WordPress Booking Calendar Contact Form Plugin <= 1.2.40 is vulnerable to Cross Site Scripting (XSS) | CodePeople | Booking Calendar Contact Form | High | 7.1 | 2023-07-18 14:17:40 | Deep Dive |
| CVE-2023-2517 | Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-07-12 04:38:50 | Deep Dive |
| CVE-2021-4417 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 5.4 | 2023-07-12 03:40:46 | Deep Dive |
| CVE-2023-24405 | WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF) | Scott Paterson | Contact Form 7 – PayPal & Stripe Add-on | Medium | 5.4 | 2023-07-10 11:58:09 | Deep Dive |
| CVE-2023-24395 | WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | Scott Paterson | Contact Form 7 Redirect & Thank You Page | Medium | 5.4 | 2023-07-10 10:40:44 | Deep Dive |
| CVE-2021-4390 | Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery Bypass | ionuticlanzan | Contact Form 7 Style | Medium | 4.3 | 2023-07-01 04:26:48 | Deep Dive |
| CVE-2023-29438 | WordPress SimpleModal Contact Form (SMCF) Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) | Eric Martin | SimpleModal Contact Form (SMCF) | Medium | 5.9 | 2023-06-26 12:04:21 | Deep Dive |
| CVE-2022-47586 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection | Themefic | Ultimate Addons for Contact Form 7 | High | 8.2 | 2023-06-19 11:58:10 | Deep Dive |
| CVE-2023-2527 | Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi | Unknown | Integration for Contact Form 7 and Zoho CRM, Bigin | 中危 | - | 2023-06-19 10:52:51 | Deep Dive |
| CVE-2023-24420 | WordPress Admin side data storage for Contact Form 7 Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS) | Zestard Technologies | Admin side data storage for Contact Form 7 | High | 7.1 | 2023-06-15 13:32:09 | Deep Dive |
| CVE-2023-2718 | Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting | Unknown | Contact Form Email | 中危 | - | 2023-06-12 17:28:21 | Deep Dive |
| CVE-2023-0692 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-06-09 05:33:37 | Deep Dive |
| CVE-2023-0721 | Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | High | 8.3 | 2023-06-09 05:33:34 | Deep Dive |
| CVE-2023-0708 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:28 | Deep Dive |
| CVE-2023-0691 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-06-09 05:33:24 | Deep Dive |
| CVE-2023-0710 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.9 | 2023-06-09 05:33:24 | Deep Dive |