| CVE-2025-2941 | Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move | glenwpcoder | Drag and Drop Multiple File Upload for WooCommerce | Critical | 9.8 | 2025-04-05 07:01:11 | Deep Dive |
| CVE-2025-2485 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 7.5 | 2025-03-28 06:51:46 | Deep Dive |
| CVE-2025-2328 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 8.8 | 2025-03-28 06:51:45 | Deep Dive |
| CVE-2024-13856 | Make Builder <= 1.1.10 - Authenticated (Subscriber+) Server-Side Request Forgery via make_builder_ajax_subscribe Function | thethemefoundry | Your Friendly Drag and Drop Page Builder — Make Builder | Medium | 6.4 | 2025-03-22 06:41:13 | Deep Dive |
| CVE-2025-2104 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-13 04:21:05 | Deep Dive |
| CVE-2024-13430 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-12 08:21:37 | Deep Dive |
| CVE-2025-1926 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.3 | 2025-03-10 04:21:11 | Deep Dive |
| CVE-2024-12544 | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | High | 8.8 | 2025-03-01 07:24:06 | Deep Dive |
| CVE-2025-0859 | Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function | boldgrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.5 | 2025-02-06 09:21:18 | Deep Dive |
| CVE-2024-12267 | Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Medium | 5.3 | 2025-01-31 11:11:09 | Deep Dive |
| CVE-2024-13509 | WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting | westguard | WS Form LITE – Drag & Drop Contact Form Builder | High | 7.2 | 2025-01-28 06:38:42 | Deep Dive |
| CVE-2024-12593 | PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode | addonsorg | PDF for WPForms + Drag and Drop Template Builder | Medium | 6.4 | 2025-01-15 11:24:37 | Deep Dive |
| CVE-2025-22802 | WordPress Email Templates Customizer YeeMail plugin <= 2.1.4 - Cross Site Scripting (XSS) vulnerability | add-ons.org | Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail | Medium | 6.5 | 2025-01-09 15:39:21 | Deep Dive |
| CVE-2024-12713 | SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-01-08 03:18:10 | Deep Dive |
| CVE-2024-12201 | Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation | hashthemes | Hash Form – Drag & Drop Form Builder | Medium | 4.3 | 2024-12-12 06:46:34 | Deep Dive |
| CVE-2024-11436 | Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting | genetechproducts | Pie Forms — Drag & Drop Form Builder | Medium | 6.1 | 2024-12-07 01:45:48 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-10587 | Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | High | 8.8 | 2024-12-04 02:40:25 | Deep Dive |
| CVE-2024-11332 | HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | hipaatizer | HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents | Medium | 6.4 | 2024-11-23 04:32:21 | Deep Dive |
| CVE-2024-10265 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 6.1 | 2024-11-10 12:30:34 | Deep Dive |