| CVE-2025-11991 | JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation | jetmonsters | JetFormBuilder — Dynamic Blocks Form Builder | Medium | 5.3 | 2025-12-16 07:21:06 | Deep Dive |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.4 | 2025-12-15 14:25:10 | Deep Dive |
| CVE-2025-14074 | PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication | addonsorg | PDF for Contact Form 7 + Drag and Drop Template Builder | Medium | 4.3 | 2025-12-12 09:20:28 | Deep Dive |
| CVE-2025-67577 | WordPress Easy Form Builder plugin <= 3.8.20 - Broken Access Control vulnerability | hassantafreshi | Easy Form Builder | Medium | 5.3 | 2025-12-09 14:14:14 | Deep Dive |
| CVE-2025-13748 | Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 5.3 | 2025-12-06 06:39:09 | Deep Dive |
| CVE-2025-13696 | Zigaform <= 7.6.5 - Unauthenticated Form Submission Data Disclosure in rocket_front_payment_seesummary AJAX Endpoint | softdiscover | Zigaform – Price Calculator & Cost Estimation Form Builder Lite | Medium | 5.3 | 2025-12-02 07:24:31 | Deep Dive |
| CVE-2025-13140 | SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 4.3 | 2025-12-02 06:40:25 | Deep Dive |
| CVE-2025-13159 | Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload | flothemesplugins | Flo Forms – Easy Drag & Drop Form Builder | High | 7.1 | 2025-11-21 07:31:52 | Deep Dive |
| CVE-2025-12535 | SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-11-19 06:45:26 | Deep Dive |
| CVE-2025-12528 | Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload | genetechproducts | Pie Forms — Drag & Drop Form Builder | High | 8.1 | 2025-11-18 08:27:31 | Deep Dive |
| CVE-2025-12536 | SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-11-13 03:27:39 | Deep Dive |
| CVE-2025-10732 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 4.3 | 2025-10-14 05:24:58 | Deep Dive |
| CVE-2025-9898 | cForms – Light speed fast Form Builder <= 3.0.0 - Cross-Site Request Forgery | compojoom | cForms – Light speed fast Form Builder | Medium | 4.3 | 2025-09-27 06:47:15 | Deep Dive |
| CVE-2025-10498 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2025-09-27 02:25:14 | Deep Dive |
| CVE-2025-10499 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2025-09-27 02:25:13 | Deep Dive |
| CVE-2025-10489 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 4.3 | 2025-09-20 04:27:55 | Deep Dive |
| CVE-2025-9085 | User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.9 | 2025-09-06 02:24:18 | Deep Dive |
| CVE-2025-9260 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 6.5 | 2025-09-02 23:22:46 | Deep Dive |
| CVE-2025-6679 | Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Critical | 9.8 | 2025-08-15 06:40:43 | Deep Dive |
| CVE-2025-54678 | WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability | hassantafreshi | Easy Form Builder | Critical | 9.3 | 2025-08-14 10:34:43 | Deep Dive |