| CVE-2023-30493 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) | Themefic | Ultimate Addons for Contact Form 7 | High | 7.1 | 2023-09-27 10:54:37 | Deep Dive |
| CVE-2023-5125 | Contact Form by FormGet <= 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | pankajagarwal | Contact Form by FormGet – Best Form Builder Plugin for WordPress | Medium | 6.4 | 2023-09-23 04:29:41 | Deep Dive |
| CVE-2023-4213 | Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change | mpvanwinkle77 | Simplr Registration Form Plus+ | High | 8.8 | 2023-09-13 02:54:11 | Deep Dive |
| CVE-2023-25465 | WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS) | Gopi Ramasamy | wp tell a friend popup form | Medium | 5.9 | 2023-09-04 09:52:30 | Deep Dive |
| CVE-2023-0689 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-08-31 05:33:06 | Deep Dive |
| CVE-2023-4109 | Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection | Unknown | Ninja Forms Contact Form | 中危 | - | 2023-08-30 14:22:02 | Deep Dive |
| CVE-2023-4596 | Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Critical | 9.8 | 2023-08-30 01:45:37 | Deep Dive |
| CVE-2023-25981 | WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS) | ThemeKraft | Post Form | Medium | 6.5 | 2023-08-25 09:54:39 | Deep Dive |
| CVE-2023-32498 | WordPress Easy Form by AYS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) | Easy Form team | Easy Form by AYS | Medium | 5.9 | 2023-08-23 13:48:05 | Deep Dive |
| CVE-2023-2802 | Ultimate Addons for Contact Form 7 < 3.1.29 - Admin+ Stored XSS | Unknown | Ultimate Addons for Contact Form 7 | 中危 | - | 2023-08-14 19:10:20 | Deep Dive |
| CVE-2023-2803 | Ultimate Addons for Contact Form 7 < 3.1.29 - Reflected XSS | Unknown | Ultimate Addons for Contact Form 7 | 中危 | - | 2023-08-14 19:10:17 | Deep Dive |
| CVE-2023-3645 | Contact Form Builder by Bit Form < 2.2.0 - Admin+ Stored XSS | Unknown | Contact Form Builder by Bit Form | 中危 | - | 2023-08-14 19:10:17 | Deep Dive |
| CVE-2023-37988 | WordPress Contact Form Generator Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS) | Creative Solutions | Contact Form Generator | High | 7.1 | 2023-08-10 10:39:27 | Deep Dive |
| CVE-2023-37979 | WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS) | Saturday Drive | Ninja Forms Contact Form | High | 7.1 | 2023-07-27 14:08:06 | Deep Dive |
| CVE-2023-3248 | All-in-one Floating Contact Form < 2.1.2 - Admin+ Stored Cross-Site Scripting | Unknown | All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs | 中危 | - | 2023-07-24 10:20:25 | Deep Dive |
| CVE-2023-36384 | WordPress Booking Calendar Contact Form Plugin <= 1.2.40 is vulnerable to Cross Site Scripting (XSS) | CodePeople | Booking Calendar Contact Form | High | 7.1 | 2023-07-18 14:17:40 | Deep Dive |
| CVE-2023-3342 | User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Critical | 9.9 | 2023-07-13 02:04:15 | Deep Dive |
| CVE-2023-3343 | User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.8 | 2023-07-13 02:04:15 | Deep Dive |
| CVE-2023-2517 | Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-07-12 04:38:50 | Deep Dive |
| CVE-2021-4417 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 5.4 | 2023-07-12 03:40:46 | Deep Dive |