| CVE-2023-1843 | Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:19 | Deep Dive |
| CVE-2023-0709 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:14 | Deep Dive |
| CVE-2023-0693 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:13 | Deep Dive |
| CVE-2023-0694 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:12 | Deep Dive |
| CVE-2023-0695 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:12 | Deep Dive |
| CVE-2020-36717 | Kali Forms <= 2.1.1 - Cross-Site Request Forgery | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | High | 8.8 | 2023-06-07 01:51:36 | Deep Dive |
| CVE-2021-4367 | Flo Forms – Easy Drag & Drop Form Builder <= 1.0.35 - Options Change to Stored Cross-Site Scripting | flothemesplugins | Flo Forms – Easy Drag & Drop Form Builder | Medium | 6.4 | 2023-06-07 01:51:35 | Deep Dive |
| CVE-2019-25145 | Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection | smub | Contact Form & SMTP Plugin for WordPress by PirateForms | High | 7.2 | 2023-06-07 01:51:34 | Deep Dive |
| CVE-2020-36720 | Kali Forms <= 2.1.1 - Missing Authorization to Settings Update | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | High | 7.1 | 2023-06-07 01:51:34 | Deep Dive |
| CVE-2020-36715 | Login/Signup Popup < 1.5 - Missing Authorization | xootix | Login & Register Customizer – Popup | Slider | Inline | WooCommerce | High | 7.4 | 2023-06-07 01:51:33 | Deep Dive |
| CVE-2020-36712 | Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | High | 8.6 | 2023-06-07 01:51:32 | Deep Dive |
| CVE-2023-2301 | Contact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting | eyale-vc | Contact Form Builder by vcita | Medium | 6.1 | 2023-06-03 04:35:15 | Deep Dive |
| CVE-2023-2302 | Contact Form and Calls To Action by vcita <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | vcita | Contact Form and Calls To Action by vcita | Medium | 6.4 | 2023-06-03 04:35:15 | Deep Dive |
| CVE-2023-2303 | Contact Form and Calls To Action by vcita <= 4.10.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting | eyale-vc | Contact Form Builder by vcita | Medium | 6.1 | 2023-06-03 04:35:14 | Deep Dive |
| CVE-2023-2300 | Contact Form Builder by vcita <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | eyale-vc | Contact Form Builder by vcita | Medium | 6.4 | 2023-06-03 04:35:13 | Deep Dive |
| CVE-2023-3059 | SourceCodester Online Exam Form Submission update_s6.php sql injection | SourceCodester | Online Exam Form Submission | Medium | 6.3 | 2023-06-02 13:00:06 | Deep Dive |
| CVE-2023-2836 | CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting | crmperks | CRM Perks Forms – WordPress Form Builder | Medium | 4.4 | 2023-05-31 03:36:11 | Deep Dive |
| CVE-2015-10107 | Simplr Registration Form Plus+ Plugin cross site scripting | - | Simplr Registration Form Plus+ Plugin | Low | 3.5 | 2023-05-31 03:00:04 | Deep Dive |
| CVE-2023-27613 | WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | MonitorClick | Forms Ada – Form Builder | High | 7.1 | 2023-05-29 14:06:06 | Deep Dive |
| CVE-2023-33311 | WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) | CRM Perks | Contact Form Entries | Medium | 6.5 | 2023-05-28 18:32:38 | Deep Dive |