| CVE-2024-34754 | WordPress Contact Form Widget plugin <= 1.3.9 - Sensitive Data Exposure vulnerability | A WP Life | Contact Form Widget | Medium | 5.3 | 2024-06-03 10:23:59 | Deep Dive |
| CVE-2024-4958 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 7.1 | 2024-06-01 07:35:57 | Deep Dive |
| CVE-2024-2295 | Contact Form Manager <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | f1logic | Contact Form Manager | Medium | 6.4 | 2024-06-01 07:35:56 | Deep Dive |
| CVE-2024-5084 | Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution | hashthemes | Hash Form – Drag & Drop Form Builder | Critical | 9.8 | 2024-05-23 14:31:39 | Deep Dive |
| CVE-2024-5085 | Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection | hashthemes | Hash Form – Drag & Drop Form Builder | High | 8.1 | 2024-05-23 14:31:38 | Deep Dive |
| CVE-2024-2861 | ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-23 09:32:33 | Deep Dive |
| CVE-2024-4261 | Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | themehunk | Lead Form Builder & Contact Form | Medium | 5.4 | 2024-05-22 12:44:36 | Deep Dive |
| CVE-2024-2036 | ApplyOnline – Application Form Builder and Manager <= 2.6.2 - Missing Authorization to Sensitive Information Exposure | farhannoor | ApplyOnline – Application Form Builder and Manager | Medium | 4.3 | 2024-05-22 08:31:22 | Deep Dive |
| CVE-2024-4157 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | High | 7.5 | 2024-05-22 07:37:24 | Deep Dive |
| CVE-2024-3155 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | pickplugins | Post Grid | Medium | 6.4 | 2024-05-21 02:32:59 | Deep Dive |
| CVE-2024-4709 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 6.4 | 2024-05-18 07:38:35 | Deep Dive |
| CVE-2024-2772 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 6.4 | 2024-05-18 07:38:33 | Deep Dive |
| CVE-2024-2782 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | High | 7.5 | 2024-05-18 07:38:33 | Deep Dive |
| CVE-2024-2771 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Critical | 9.8 | 2024-05-18 07:38:21 | Deep Dive |
| CVE-2024-34755 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability | CRM Perks | Integration for Contact Form 7 and Salesforce | Medium | 4.3 | 2024-05-17 09:52:40 | Deep Dive |
| CVE-2024-34756 | WordPress Integration for HubSpot and Contact Form 7 plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability | CRM Perks | Integration for Contact Form 7 HubSpot | Medium | 4.3 | 2024-05-17 09:49:30 | Deep Dive |
| CVE-2024-23522 | WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability | Strategy11 Form Builder Team | Formidable Forms | Medium | 5.3 | 2024-05-17 08:47:40 | Deep Dive |
| CVE-2024-30540 | WordPress VS Contact Form plugin <= 14.7 - Sum Captcha Bypass vulnerability | Guido | VS Contact Form | Medium | 5.3 | 2024-05-17 08:20:24 | Deep Dive |
| CVE-2023-23990 | WordPress Redirection for Contact Form 7 plugin <= 2.7.0 - Privilege Escalation vulnerability | Qube One Ltd. | Redirection for Contact Form 7 | High | 7.6 | 2024-05-17 06:33:39 | Deep Dive |
| CVE-2024-4373 | Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) Stored Cross-site Scripting via 'Sina Particle Layer' | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2024-05-15 01:56:56 | Deep Dive |