| CVE-2025-67471 | WordPress Quick Contact Form plugin <= 8.2.5 - Cross Site Request Forgery (CSRF) vulnerability | Saad Iqbal | Quick Contact Form | Medium | 4.3 | 2025-12-09 14:13:56 | Deep Dive |
| CVE-2025-67468 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability | CRM Perks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | Medium | 4.3 | 2025-12-09 14:13:56 | Deep Dive |
| CVE-2025-13748 | Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 5.3 | 2025-12-06 06:39:09 | Deep Dive |
| CVE-2025-13318 | Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter | codepeople | Booking Calendar Contact Form | Medium | 5.3 | 2025-11-22 08:30:30 | Deep Dive |
| CVE-2025-13384 | CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation | codepeople | CP Contact Form with PayPal | High | 7.5 | 2025-11-22 07:29:20 | Deep Dive |
| CVE-2025-12535 | SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-11-19 06:45:26 | Deep Dive |
| CVE-2025-64369 | WordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerability | codepeople | Contact Form Email | Medium | - | 2025-11-13 09:24:33 | Deep Dive |
| CVE-2025-12536 | SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-11-13 03:27:39 | Deep Dive |
| CVE-2025-12167 | Contact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization to Authenticated (Subscriber+) Log Reset | rnzo | Connect Contact Form 7 and AWeber | Medium | 4.3 | 2025-11-08 03:27:45 | Deep Dive |
| CVE-2025-11499 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload | essekia | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | Critical | 9.8 | 2025-11-01 06:40:37 | Deep Dive |
| CVE-2025-4665 | WordPress plugin Contact Form CFDB7 security vulnerability | WordPress Contact Form 7 Database Addon CFDB7 By Arshid | CFDB7 | Critical | 9.6 | 2025-10-28 23:54:29 | Deep Dive |
| CVE-2025-62915 | WordPress SMS Contact Form 7 Notifications by ClickSend plugin <= 1.4.0 - Broken Access Control vulnerability | clicksend | SMS Contact Form 7 Notifications by ClickSend | Medium | 4.3 | 2025-10-27 01:33:55 | Deep Dive |
| CVE-2025-62896 | WordPress Multilang Contact Form plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability | digitaldonkey | Multilang Contact Form | High | 7.1 | 2025-10-27 01:33:49 | Deep Dive |
| CVE-2025-52753 | WordPress Contact Form by Supsystic plugin <= 1.7.36 - Cross Site Scripting (XSS) vulnerability | supsystic | Contact Form by Supsystic | - | - | 2025-10-22 14:32:25 | Deep Dive |
| CVE-2025-9562 | Redirection for Contact Form 7 <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via qs_date Shortcode | themeisle | Redirection for Contact Form 7 | Medium | 6.4 | 2025-10-18 06:42:47 | Deep Dive |
| CVE-2025-10732 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 4.3 | 2025-10-14 05:24:58 | Deep Dive |
| CVE-2025-9944 | Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending | kelderic | Professional Contact Form | Medium | 4.3 | 2025-09-27 06:47:16 | Deep Dive |
| CVE-2025-10498 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2025-09-27 02:25:14 | Deep Dive |
| CVE-2025-10499 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2025-09-27 02:25:13 | Deep Dive |
| CVE-2025-60169 | WordPress W3SCloud Contact Form 7 to Zoho CRM plugin <= 3.2 - Cross Site Request Forgery (CSRF) vulnerability | W3S Cloud Technology | W3SCloud Contact Form 7 to Zoho CRM | High | 7.1 | 2025-09-26 08:32:05 | Deep Dive |