| CVE-2025-10732 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 4.3 | 2025-10-14 05:24:58 | Deep Dive |
| CVE-2025-10489 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 4.3 | 2025-09-20 04:27:55 | Deep Dive |
| CVE-2025-49387 | WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vulnerability | add-ons.org | Drag and Drop File Upload for Elementor Forms | Critical | 10.0 | 2025-08-28 12:37:13 | Deep Dive |
| CVE-2025-58208 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder Plugin <= 6.2.0 - Cross Site Scripting (XSS) Vulnerability | add-ons.org | PDF for Elementor Forms + Drag And Drop Template Builder | Medium | 6.5 | 2025-08-27 17:45:47 | Deep Dive |
| CVE-2025-8464 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Medium | 5.3 | 2025-08-16 07:25:29 | Deep Dive |
| CVE-2025-7644 | Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery | Medium | 6.4 | 2025-07-22 04:25:08 | Deep Dive |
| CVE-2025-6691 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion | brainstormforce | SureForms – Drag and Drop Form Builder for WordPress | High | 8.1 | 2025-07-09 05:23:40 | Deep Dive |
| CVE-2025-6742 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion | brainstormforce | SureForms – Drag and Drop Form Builder for WordPress | High | 7.5 | 2025-07-09 05:23:39 | Deep Dive |
| CVE-2025-5746 | Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload | CodeDropz | Drag and Drop Multiple File Upload (Pro) - WooCommerce | Critical | 9.8 | 2025-07-02 03:47:24 | Deep Dive |
| CVE-2025-49885 | WordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 5.0.6 - Arbitrary File Upload Vulnerability | HaruTheme | Drag and Drop Multiple File Upload (Pro) - WooCommerce | Critical | 10.0 | 2025-06-27 11:52:31 | Deep Dive |
| CVE-2025-3515 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 8.1 | 2025-06-17 09:21:39 | Deep Dive |
| CVE-2025-4597 | Woo Slider Pro - Drag Drop Slider Builder For WooCommerce <= 1.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | bc2018 | Woo Slider Pro – Drag Drop Slider Builder For WooCommerce | Medium | 6.5 | 2025-05-30 11:15:09 | Deep Dive |
| CVE-2025-4223 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.7 | 2025-05-24 04:25:19 | Deep Dive |
| CVE-2024-13427 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 6.4 | 2025-05-24 01:41:10 | Deep Dive |
| CVE-2025-47492 | WordPress Drag and Drop File Upload for Elementor Forms plugin <= 1.4.3 - Arbitrary File Deletion Vulnerability | add-ons.org | Drag and Drop File Upload for Elementor Forms | High | 8.6 | 2025-05-23 12:43:35 | Deep Dive |
| CVE-2025-3201 | Kali Forms < 2.4.3 - Contributor+ Stored XSS | Unknown | Contact Form builder with drag & drop for WordPress | - | - | 2025-05-16 06:00:04 | Deep Dive |
| CVE-2025-4403 | Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function | glenwpcoder | Drag and Drop Multiple File Upload for WooCommerce | Critical | 9.8 | 2025-05-09 08:24:06 | Deep Dive |
| CVE-2025-3815 | SurveyJS <= 1.12.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 6.4 | 2025-05-03 07:22:57 | Deep Dive |
| CVE-2025-3912 | WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure | westguard | WS Form LITE – Drag & Drop Contact Form Builder | Medium | 5.3 | 2025-04-25 11:12:52 | Deep Dive |
| CVE-2025-32236 | WordPress Woocommerce Products Reorder Drag Drop Multiple Sort plugin <= 1.9 - Broken Access Control vulnerability | Vagonic | Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic | Medium | 4.3 | 2025-04-10 08:09:47 | Deep Dive |