| CVE-2024-1779 | Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update | zestardtechnologies | Admin side data storage for Contact Form 7 | Medium | 5.3 | 2024-02-23 06:48:17 | Deep Dive |
| CVE-2024-0903 | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 - Unauthenticated Stored Cross-Site Scripting | smub | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | Medium | 5.4 | 2024-02-22 05:32:49 | Deep Dive |
| CVE-2024-25905 | WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF) | Mondula GmbH | Multi Step Form | Medium | 5.4 | 2024-02-21 06:47:54 | Deep Dive |
| CVE-2024-1218 | Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | Medium | 4.3 | 2024-02-20 18:56:50 | Deep Dive |
| CVE-2024-1217 | Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin Deactivation | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | High | 7.6 | 2024-02-20 18:56:35 | Deep Dive |
| CVE-2024-1408 | ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-20 18:56:34 | Deep Dive |
| CVE-2024-1519 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2024-02-20 18:56:31 | Deep Dive |
| CVE-2024-1570 | ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-20 18:56:30 | Deep Dive |
| CVE-2024-1340 | Login Lockdown – Protect Login Form <= 2.08 - Missing Authorization | webfactory | Login Lockdown & Protection | Medium | 5.4 | 2024-02-20 18:56:26 | Deep Dive |
| CVE-2024-24884 | WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) | ARI Soft | Contact Form 7 Connector | Medium | 4.3 | 2024-02-12 08:46:55 | Deep Dive |
| CVE-2024-24887 | WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) | Contest Gallery | Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress | Medium | 5.4 | 2024-02-12 08:43:27 | Deep Dive |
| CVE-2024-24929 | WordPress WP Contact Form Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) | Ryan Duff, Peter Westwood | WP Contact Form | Medium | 4.3 | 2024-02-12 08:39:27 | Deep Dive |
| CVE-2024-24804 | WordPress MW WP Form Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS) | websoudan | MW WP Form | Medium | 6.5 | 2024-02-10 07:45:51 | Deep Dive |
| CVE-2024-24836 | WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) | Audrasjb | GDPR Data Request Form | Medium | 6.5 | 2024-02-08 13:10:22 | Deep Dive |
| CVE-2023-6953 | PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting | wpmanageninja | Fluent PDF Generator | Medium | 4.9 | 2024-02-05 21:21:59 | Deep Dive |
| CVE-2024-0660 | Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 6.1 | 2024-02-05 21:21:59 | Deep Dive |
| CVE-2024-1046 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-05 21:21:51 | Deep Dive |
| CVE-2024-0963 | Calculated Fields Form <= 1.2.52 - Authenticated (Contributor+) Stored Cross-Site Scripting | codepeople | Calculated Fields Form | Medium | 6.4 | 2024-02-02 11:34:15 | Deep Dive |
| CVE-2024-0685 | Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 5.9 | 2024-02-02 04:32:35 | Deep Dive |
| CVE-2023-51536 | WordPress CRM Perks Forms Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) | CRM Perks | CRM Perks Forms – WordPress Form Builder | Medium | 5.9 | 2024-02-01 10:25:54 | Deep Dive |