| CVE-2024-5084 | Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution | hashthemes | Hash Form – Drag & Drop Form Builder | Critical | 9.8 | 2024-05-23 14:31:39 | Deep Dive |
| CVE-2024-5085 | Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection | hashthemes | Hash Form – Drag & Drop Form Builder | High | 8.1 | 2024-05-23 14:31:38 | Deep Dive |
| CVE-2024-4157 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | High | 7.5 | 2024-05-22 07:37:24 | Deep Dive |
| CVE-2024-4709 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 6.4 | 2024-05-18 07:38:35 | Deep Dive |
| CVE-2024-2772 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 6.4 | 2024-05-18 07:38:33 | Deep Dive |
| CVE-2024-2782 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | High | 7.5 | 2024-05-18 07:38:33 | Deep Dive |
| CVE-2024-2771 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Critical | 9.8 | 2024-05-18 07:38:21 | Deep Dive |
| CVE-2024-4400 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting | boldgrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.4 | 2024-05-16 11:05:29 | Deep Dive |
| CVE-2024-2542 | Jotform Online Forms <= 1.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | jotform | Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform | Medium | 6.4 | 2024-05-02 16:52:25 | Deep Dive |
| CVE-2024-3649 | Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 5.3 | 2024-05-02 16:52:13 | Deep Dive |
| CVE-2024-3717 | Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.7.7 - Sensitive Information Exposure | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Medium | 5.3 | 2024-05-02 16:51:48 | Deep Dive |
| CVE-2024-2258 | Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 4.4 | 2024-04-27 03:33:35 | Deep Dive |
| CVE-2024-2504 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 6.4 | 2024-04-09 18:59:21 | Deep Dive |
| CVE-2024-2112 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 5.9 | 2024-04-09 18:58:50 | Deep Dive |
| CVE-2024-2108 | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Authenticated (Author+) Stored Cross-Site Scripting | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.6 | 2024-03-29 06:44:01 | Deep Dive |
| CVE-2024-2113 | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission Export | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2024-03-29 06:43:58 | Deep Dive |
| CVE-2024-2888 | WordPress Post and Page Builder by BoldGrid plugin <= 1.26.2 - Cross Site Scripting (XSS) vulnerability | BoldGrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.5 | 2024-03-26 05:41:02 | Deep Dive |
| CVE-2023-6957 | Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.9 | 2024-03-13 15:27:25 | Deep Dive |
| CVE-2024-0386 | weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer | boldgrid | weForms – Easy Drag & Drop Contact Form Builder For WordPress | High | 7.2 | 2024-03-12 21:34:34 | Deep Dive |
| CVE-2024-2127 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 6.4 | 2024-03-07 19:33:05 | Deep Dive |