| CVE-2024-13573 | Zigaform – Form Builder Lite <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | softdiscover | Zigaform – Form Builder Lite | Medium | 6.4 | 2025-02-18 04:21:18 | Deep Dive |
| CVE-2024-13587 | Zigaform – Price Calculator & Cost Estimation Form Builder Lite <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | softdiscover | Zigaform – Price Calculator & Cost Estimation Form Builder Lite | Medium | 6.4 | 2025-02-18 04:21:10 | Deep Dive |
| CVE-2024-13829 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | 5.3 | 2025-02-05 05:22:32 | Deep Dive |
| CVE-2024-13403 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 6.4 | 2025-02-04 08:21:07 | Deep Dive |
| CVE-2025-0470 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.1 | 2025-01-31 03:21:29 | Deep Dive |
| CVE-2024-13470 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.4 | 2025-01-30 07:23:05 | Deep Dive |
| CVE-2024-13509 | WS Form LITE and PRO <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting | westguard | WS Form LITE – Drag & Drop Contact Form Builder | High | 7.2 | 2025-01-28 06:38:42 | Deep Dive |
| CVE-2024-13450 | Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Low | 3.8 | 2025-01-25 08:23:16 | Deep Dive |
| CVE-2025-24672 | WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability | codepeople | Form Builder CP | High | 8.5 | 2025-01-24 17:24:46 | Deep Dive |
| CVE-2024-13680 | Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection | codepeople | Form Builder CP | Medium | 6.5 | 2025-01-24 07:04:09 | Deep Dive |
| CVE-2025-22295 | WordPress Tripetto plugin <= 8.0.6 - Cross Site Scripting (XSS) vulnerability | Tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | 中危 | - | 2025-01-09 15:39:33 | Deep Dive |
| CVE-2024-12112 | Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | hassantafreshi | Easy Form Builder by WhiteStudio — Drag & Drop Form Builder | Medium | 6.4 | 2025-01-08 03:18:11 | Deep Dive |
| CVE-2024-12713 | SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-01-08 03:18:10 | Deep Dive |
| CVE-2024-12532 | BWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | bestwpdeveloper | BWD Elementor Addons | Medium | 4.3 | 2025-01-07 11:11:12 | Deep Dive |
| CVE-2024-56002 | WordPress Contact Form, Survey & Form Builder – MightyForms plugin <= 1.3.9 - Broken Access Control vulnerability | mightyforms | Contact Form, Survey & Form Builder – MightyForms | Medium | 6.4 | 2024-12-31 13:50:18 | Deep Dive |
| CVE-2024-12238 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.3 | 2024-12-29 05:22:54 | Deep Dive |
| CVE-2024-10862 | NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 4.9 | 2024-12-25 06:42:14 | Deep Dive |
| CVE-2024-12428 | WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection | peterschulznl | WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | High | 7.5 | 2024-12-25 04:22:04 | Deep Dive |
| CVE-2024-12190 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 4.3 | 2024-12-25 03:21:32 | Deep Dive |
| CVE-2024-10646 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | High | 7.2 | 2024-12-14 05:34:14 | Deep Dive |