| CVE-2025-58636 | WordPress WP Gravity Forms Keap/Infusionsoft Plugin <= 1.2.3 - Deserialization of untrusted data Vulnerability | CRM Perks | WP Gravity Forms Keap/Infusionsoft | 中危 | - | 2025-11-06 15:54:27 | Deep Dive |
| CVE-2025-49905 | WordPress Range Slider Addon for Gravity Forms plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability | PluginsCafe | Range Slider Addon for Gravity Forms | High | 7.1 | 2025-11-06 15:53:56 | Deep Dive |
| CVE-2025-48330 | WordPress Real Time Validation for Gravity Forms <= 1.7.0 - Local File Inclusion Vulnerability | Daman Jeet | Real Time Validation for Gravity Forms | High | 7.5 | 2025-11-06 15:53:49 | Deep Dive |
| CVE-2025-8871 | Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature | WPEverest | Everest Forms Pro | Medium | 5.6 | 2025-11-05 02:25:52 | Deep Dive |
| CVE-2025-12094 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing | oopspam | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) | Medium | 5.3 | 2025-10-31 08:25:55 | Deep Dive |
| CVE-2025-9544 | Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation | Unknown | Doppler Forms | - | - | 2025-10-29 06:00:07 | Deep Dive |
| CVE-2025-62981 | WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.8 - Open Redirection vulnerability | CRM Perks | WP Gravity Forms Zoho CRM and Bigin | Medium | 4.7 | 2025-10-27 01:34:20 | Deep Dive |
| CVE-2025-9322 | Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection | themeisle | Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions | High | 7.5 | 2025-10-25 06:49:23 | Deep Dive |
| CVE-2025-11889 | AIO Forms <= 1.3.18 - Authenticated (Admin+) Arbitrary File Upload via Zip Import | edgarrojas | AIO Forms – Craft Complex Forms Easily | High | 7.2 | 2025-10-24 08:24:01 | Deep Dive |
| CVE-2025-60209 | WordPress Connector for Gravity Forms and Google Sheets plugin <= 1.2.6 - PHP Object Injection vulnerability | CRM Perks | Connector for Gravity Forms and Google Sheets | - | - | 2025-10-22 14:32:43 | Deep Dive |
| CVE-2025-60210 | WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability | wpeverest | Everest Forms - Frontend Listing | - | - | 2025-10-22 14:32:43 | Deep Dive |
| CVE-2025-60151 | WordPress WP Gravity Forms HubSpot Plugin <= 1.2.5 - Open Redirection Vulnerability | CRM Perks | WP Gravity Forms HubSpot | - | - | 2025-10-22 14:32:42 | Deep Dive |
| CVE-2025-58966 | WordPress NEX-Forms LITE plugin < 8.2 - Cross Site Scripting (XSS) vulnerability | Basix | NEX-Forms LITE | High | 7.1 | 2025-10-22 14:32:36 | Deep Dive |
| CVE-2017-20208 | RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Critical | 9.8 | 2025-10-18 03:33:25 | Deep Dive |
| CVE-2025-10732 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 4.3 | 2025-10-14 05:24:58 | Deep Dive |
| CVE-2025-8606 | GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation | westerndeal | GSheetConnector for Gravity Forms – Send Gravity Forms Entries to Google Sheets in Real-Time | Low | 2.4 | 2025-10-11 09:28:41 | Deep Dive |
| CVE-2025-8593 | GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation | westerndeal | GSheetConnector for Gravity Forms – Send Gravity Forms Entries to Google Sheets in Real-Time | High | 8.8 | 2025-10-11 09:28:40 | Deep Dive |
| CVE-2025-10185 | NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection | webaways | NEX-Forms – Ultimate Forms Plugin for WordPress | Medium | 4.9 | 2025-10-11 07:25:58 | Deep Dive |
| CVE-2025-11204 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 7.2 | 2025-10-08 04:23:40 | Deep Dive |
| CVE-2025-10309 | PayPal Forms <= 1.0.3 - Cross-Site Request Forgery | bsmye | PayPal Forms | Medium | 4.3 | 2025-10-03 11:17:16 | Deep Dive |