| CVE-2026-0825 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Medium | 5.3 | 2026-01-28 06:43:43 | Deep Dive |
| CVE-2025-13205 | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Cloning | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 4.3 | 2026-01-24 09:08:09 | Deep Dive |
| CVE-2025-13194 | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Renaming | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 4.3 | 2026-01-24 09:08:08 | Deep Dive |
| CVE-2025-13139 | SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 4.3 | 2026-01-24 09:08:06 | Deep Dive |
| CVE-2026-0633 | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Low | 3.7 | 2026-01-24 08:26:36 | Deep Dive |
| CVE-2026-24559 | WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.3 - Sensitive Data Exposure vulnerability | CRM Perks | Integration for Contact Form 7 HubSpot | Medium | 5.3 | 2026-01-23 14:28:55 | Deep Dive |
| CVE-2026-24557 | WordPress Contact Form 7 GetResponse Extension plugin <= 1.0.8 - Sensitive Data Exposure vulnerability | WEN Solutions | Contact Form 7 GetResponse Extension | Medium | - | 2026-01-23 14:28:54 | Deep Dive |
| CVE-2026-22472 | WordPress Easy Form Builder plugin <= 3.9.6 - Broken Access Control vulnerability | hassantafreshi | Easy Form Builder | Medium | 4.3 | 2026-01-22 16:52:42 | Deep Dive |
| CVE-2026-22463 | WordPress Form to Chat App plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability | Micro.company | Form to Chat App | - | - | 2026-01-22 16:52:40 | Deep Dive |
| CVE-2025-68046 | WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Sensitive Data Exposure vulnerability | ThemeHunk | Contact Form & Lead Form Elementor Builder | - | - | 2026-01-22 16:52:06 | Deep Dive |
| CVE-2025-12825 | User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure | zealopensource | User Registration Using Contact Form 7 | Medium | 5.3 | 2026-01-17 04:34:02 | Deep Dive |
| CVE-2025-12718 | Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay | saadiqbal | Quick Contact Form | Medium | 5.8 | 2026-01-17 02:22:33 | Deep Dive |
| CVE-2025-14457 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Low | 3.7 | 2026-01-15 06:45:04 | Deep Dive |
| CVE-2025-12178 | SpiceForms Form Builder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | aankit | SpiceForms Form Builder | Medium | 6.4 | 2026-01-14 05:28:12 | Deep Dive |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-01-10 08:22:57 | Deep Dive |
| CVE-2025-13717 | Contact Form vCard Generator <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter | ashishajani | Contact Form vCard Generator | Medium | 5.3 | 2026-01-09 11:15:35 | Deep Dive |
| CVE-2025-14782 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 5.3 | 2026-01-09 06:34:53 | Deep Dive |
| CVE-2025-14984 | Gutenverse Form <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | jegstudio | Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor | Medium | 6.4 | 2026-01-08 09:20:52 | Deep Dive |
| CVE-2025-13722 | Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 5.3 | 2026-01-07 09:21:06 | Deep Dive |
| CVE-2025-14028 | Contact Us Simple Form <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | bruterdregz | Contact Us Simple Form | Medium | 4.4 | 2026-01-07 09:20:54 | Deep Dive |