| CVE-2024-4333 | Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2024-05-14 12:50:02 | Deep Dive |
| CVE-2024-4144 | Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution | wpkube | Simple Basic Contact Form | Medium | 6.5 | 2024-05-14 05:33:00 | Deep Dive |
| CVE-2024-34817 | WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability | CRM Perks | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.3 | 2024-05-10 08:35:23 | Deep Dive |
| CVE-2024-4150 | Simple Basic Contact Form <= 20221201 - Reflected Cross-Site Scripting | wpkube | Simple Basic Contact Form | Medium | 6.1 | 2024-05-09 20:03:21 | Deep Dive |
| CVE-2024-34437 | WordPress Form Maker by 10Web plugin <= 1.15.24 - Cross Site Scripting (XSS) vulnerability | 10Web Form Builder Team | Form Maker by 10Web | Medium | 5.9 | 2024-05-09 11:03:03 | Deep Dive |
| CVE-2024-31270 | WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability | Repute InfoSystems | ARForms Form Builder | High | 7.6 | 2024-05-08 13:25:37 | Deep Dive |
| CVE-2024-33918 | WordPress AJAX Login and Registration modal popup + inline form plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability | Maxim K | AJAX Login and Registration modal popup + inline form | Medium | 5.9 | 2024-05-03 07:16:36 | Deep Dive |
| CVE-2024-3637 | Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS | Unknown | Responsive Contact Form Builder & Lead Generation Plugin | - | - | 2024-05-03 06:00:02 | Deep Dive |
| CVE-2024-1415 | Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery | themehunk | Lead Form Builder & Contact Form | Medium | 4.3 | 2024-05-02 16:52:45 | Deep Dive |
| CVE-2024-1416 | Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization | themehunk | Lead Form Builder & Contact Form | Medium | 4.3 | 2024-05-02 16:52:42 | Deep Dive |
| CVE-2024-2417 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.8 | 2024-05-02 16:52:42 | Deep Dive |
| CVE-2024-2082 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Unauthenticated Stored Cross-Site Scripting | cscode | EleForms – All In One Form Integration including DB for Elementor | High | 7.2 | 2024-05-02 16:52:41 | Deep Dive |
| CVE-2024-3715 | Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting | crmperks | Database for Contact Form 7, WPforms, Elementor forms | High | 7.2 | 2024-05-02 16:52:31 | Deep Dive |
| CVE-2024-3870 | Contact Form 7 Database Addon – CFDB7 <= 1.2.6.8 - Unauthenticated Sensitive Information Exposure | arshidkv12 | Database Addon for Contact Form 7 – CFDB7 | Medium | 5.3 | 2024-05-02 16:52:26 | Deep Dive |
| CVE-2024-2542 | Jotform Online Forms <= 1.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | jotform | Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform | Medium | 6.4 | 2024-05-02 16:52:25 | Deep Dive |
| CVE-2024-3295 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-2043 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Missing Authorization to Sensitive Information Exposure | cscode | EleForms – All In One Form Integration including DB for Elementor | Medium | 5.3 | 2024-05-02 16:52:13 | Deep Dive |
| CVE-2024-3649 | Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 5.3 | 2024-05-02 16:52:13 | Deep Dive |
| CVE-2024-2867 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-02 16:52:05 | Deep Dive |
| CVE-2024-0847 | 5280 Bootstrap Modal Contact Form <= 1.0 - Cross-Site Request Forgery to Bulk Delete Messages | 5280studios | 5280 Bootstrap Modal Contact Form | Medium | 4.3 | 2024-05-02 16:51:50 | Deep Dive |