| CVE-2024-6725 | Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 4.9 | 2024-07-31 10:59:18 | Deep Dive |
| CVE-2024-6770 | Lifetime free Drag & Drop Contact Form Builder for WordPress VForm <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting | vikasratudi | VPSUForm – Drag & Drop Contact Form Builder with Email Automation | High | 7.2 | 2024-07-31 05:30:57 | Deep Dive |
| CVE-2024-5808 | WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF | Unknown | WP Ajax Contact Form | - | - | 2024-07-30 06:00:09 | Deep Dive |
| CVE-2024-5809 | WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting | Unknown | WP Ajax Contact Form | - | - | 2024-07-30 06:00:09 | Deep Dive |
| CVE-2024-3113 | FormFlow < 2.12.2 - Admin+ Stored XSS | Unknown | FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection | - | - | 2024-07-30 06:00:06 | Deep Dive |
| CVE-2024-6703 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.9 | 2024-07-27 12:30:06 | Deep Dive |
| CVE-2024-6518 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-07-27 11:37:32 | Deep Dive |
| CVE-2024-6520 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-07-27 11:37:29 | Deep Dive |
| CVE-2024-6521 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.4 | 2024-07-27 11:13:39 | Deep Dive |
| CVE-2024-37512 | WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.5.10 - Cross Site Scripting (XSS) vulnerability | Basix | NEX-Forms – Ultimate Form Builder | Medium | 6.5 | 2024-07-21 07:17:59 | Deep Dive |
| CVE-2024-37537 | WordPress WS Contact Form plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability | UusWeb.ee | WS Contact Form | Medium | 5.9 | 2024-07-21 07:04:59 | Deep Dive |
| CVE-2024-6937 | formtools.org Form Tools Import Option List edit.php curl_exec file inclusion | formtools.org | Form Tools | Low | 2.7 | 2024-07-21 04:00:06 | Deep Dive |
| CVE-2024-6936 | formtools.org Form Tools Setting code injection | formtools.org | Form Tools | Low | 2.7 | 2024-07-21 03:31:04 | Deep Dive |
| CVE-2024-6935 | formtools.org Form Tools User Settings Page cross site scripting | formtools.org | Form Tools | Low | 2.4 | 2024-07-21 02:00:05 | Deep Dive |
| CVE-2024-6934 | formtools.org Form Tools cross site scripting | formtools.org | Form Tools | Low | 2.4 | 2024-07-21 01:31:04 | Deep Dive |
| CVE-2024-37920 | WordPress ARForms Form Builder plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability | Repute InfoSystems | ARForms Form Builder | High | 7.1 | 2024-07-20 08:58:54 | Deep Dive |
| CVE-2024-5804 | Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset | jules-colle | Conditional Fields for Contact Form 7 | Medium | 4.3 | 2024-07-20 02:02:16 | Deep Dive |
| CVE-2024-6565 | AForms <= 2.2.6 - Unauthenticated Full Path Disclosure | vividcolorsjp | AForms — Form Builder for Price Calculator & Cost Estimation | Medium | 5.3 | 2024-07-16 08:32:31 | Deep Dive |
| CVE-2024-3919 | OpenPGP Form Encryption for WordPress < 1.5.1 - Contributor+ Stored XSS | Unknown | OpenPGP Form Encryption for WordPress | - | - | 2024-07-13 06:00:05 | Deep Dive |
| CVE-2024-5902 | UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter | smub | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | High | 7.2 | 2024-07-12 21:30:46 | Deep Dive |