| CVE-2025-29000 | WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability | August Infotech | Multi-language Responsive Contact Form | High | 7.5 | 2025-07-16 11:28:11 | Deep Dive |
| CVE-2025-48345 | WordPress Contact Form 7 Editor Button plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | arisoft | Contact Form 7 Editor Button | High | 7.1 | 2025-07-16 11:28:01 | Deep Dive |
| CVE-2025-52777 | WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability | cmsMinds | Pay with Contact Form 7 | High | 7.1 | 2025-07-16 11:27:56 | Deep Dive |
| CVE-2025-54020 | WordPress AntiSpam for Contact Form 7 plugin <= 0.6.3 - Cross Site Request Forgery (CSRF) Vulnerability | Erik | AntiSpam for Contact Form 7 | Medium | 5.4 | 2025-07-16 10:36:44 | Deep Dive |
| CVE-2025-54015 | WordPress HT Contact Form 7 plugin <= 2.0.0 - Local File Inclusion Vulnerability | HT Plugins | HT Contact Form 7 | Medium | 6.6 | 2025-07-16 10:36:43 | Deep Dive |
| CVE-2025-7340 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.8 | 2025-07-15 04:23:42 | Deep Dive |
| CVE-2025-7360 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Directory Traversal to Arbitrary File Move | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.1 | 2025-07-15 04:23:42 | Deep Dive |
| CVE-2025-7341 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Deletion | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.1 | 2025-07-15 04:23:41 | Deep Dive |
| CVE-2025-6740 | Contact Form 7 Database Addon <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter | arshidkv12 | Database Addon for Contact Form 7 – CFDB7 | Medium | 6.1 | 2025-07-04 11:18:25 | Deep Dive |
| CVE-2025-48231 | WordPress Booking Calendar Contact Form plugin <= 1.2.58 - Cross Site Scripting (XSS) Vulnerability | codepeople | Booking Calendar Contact Form | Medium | 6.5 | 2025-07-04 11:18:03 | Deep Dive |
| CVE-2025-23972 | WordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability | Brian S. Reed | Contact Form 7 reCAPTCHA | Medium | 4.3 | 2025-07-04 08:42:04 | Deep Dive |
| CVE-2024-13451 | Contact Form by Bit Form <= 2.17.5 - Unauthenticated Sensitive Information Exposure | bitpressadmin | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | Medium | 5.3 | 2025-07-02 05:29:18 | Deep Dive |
| CVE-2025-6464 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 7.5 | 2025-07-02 05:29:17 | Deep Dive |
| CVE-2025-6463 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 8.8 | 2025-07-02 04:24:56 | Deep Dive |
| CVE-2025-6756 | Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode | themefic | Ultra Addons for Contact Form 7 | Medium | 6.4 | 2025-07-01 09:25:05 | Deep Dive |
| CVE-2025-5730 | Easy Contact Form Lite < 1.1.29 - Contributor+ Stored XSS | Unknown | Contact Form Plugin | 中危 | - | 2025-06-30 06:00:02 | Deep Dive |
| CVE-2025-53325 | WordPress Beauty Contact Popup Form plugin <= 6.0 - Cross Site Scripting (XSS) Vulnerability | Dilip kumar | Beauty Contact Popup Form | Medium | 5.9 | 2025-06-27 13:21:41 | Deep Dive |
| CVE-2025-53322 | WordPress Accept Authorize.NET Payments Using Contact Form 7 plugin <= 2.5 - Sensitive Data Exposure Vulnerability | ZealousWeb | Accept Authorize.NET Payments Using Contact Form 7 | Medium | 5.3 | 2025-06-27 13:21:39 | Deep Dive |
| CVE-2025-53309 | WordPress Accept Stripe Payments Using Contact Form 7 plugin <= 3.0 - Sensitive Data Exposure Vulnerability | ZealousWeb | Accept Stripe Payments Using Contact Form 7 | Medium | 5.3 | 2025-06-27 13:21:33 | Deep Dive |
| CVE-2025-53304 | WordPress Contact Form – 7 : Hide Success Message plugin <= 1.1.4 - Broken Access Control Vulnerability | Rohil | Contact Form – 7 : Hide Success Message | Medium | 5.3 | 2025-06-27 13:21:30 | Deep Dive |