| CVE-2025-24774 | WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | mojoomla | WPCRM - CRM for Contact form CF7 & WooCommerce | High | 7.1 | 2025-06-27 11:52:47 | Deep Dive |
| CVE-2025-52817 | WordPress Abandoned Contact Form 7 plugin <= 2.2 - Broken Access Control vulnerability | ZealousWeb | Abandoned Contact Form 7 | High | 8.2 | 2025-06-27 11:52:17 | Deep Dive |
| CVE-2025-5398 | Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.4 | 2025-06-27 09:23:19 | Deep Dive |
| CVE-2025-6212 | Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module | themefic | Ultra Addons for Contact Form 7 | High | 7.2 | 2025-06-26 09:22:03 | Deep Dive |
| CVE-2025-49988 | WordPress Contact Form 7 AWeber Extension plugin <= 0.1.40 - Broken Access Control vulnerability | Renzo Johnson | Contact Form 7 AWeber Extension | Medium | 5.3 | 2025-06-20 15:04:09 | Deep Dive |
| CVE-2025-52794 | WordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability | Creative-Solutions | Creative Contact Form | High | 7.1 | 2025-06-20 15:03:41 | Deep Dive |
| CVE-2025-6220 | Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options' | themefic | Ultra Addons for Contact Form 7 | High | 7.2 | 2025-06-18 11:16:31 | Deep Dive |
| CVE-2025-24773 | WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - SQL Injection Vulnerability | mojoomla | WPCRM - CRM for Contact form CF7 & WooCommerce | Critical | 9.3 | 2025-06-17 15:01:40 | Deep Dive |
| CVE-2025-49330 | WordPress Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.3.0 - PHP Object Injection Vulnerability | CRM Perks | Integration for Contact Form 7 and Zoho CRM, Bigin | Critical | 9.8 | 2025-06-17 15:01:23 | Deep Dive |
| CVE-2025-3515 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 8.1 | 2025-06-17 09:21:39 | Deep Dive |
| CVE-2025-31045 | WordPress elfsight Contact Form widget plugin <= 2.3.1 - Sensitive Data Exposure Vulnerability | elfsight | elfsight Contact Form widget | High | 7.5 | 2025-06-09 15:56:47 | Deep Dive |
| CVE-2025-24772 | WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability | cmsMinds | Pay with Contact Form 7 | Medium | 5.4 | 2025-06-06 12:54:39 | Deep Dive |
| CVE-2025-30935 | WordPress Contact Form plugin <= 2.0.12 - Cross Site Scripting (XSS) Vulnerability | NickDuncan | Contact Form | Medium | 6.5 | 2025-06-06 12:54:17 | Deep Dive |
| CVE-2025-5341 | Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2025-06-05 11:15:06 | Deep Dive |
| CVE-2025-5539 | Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | emarket-design | Simple Contact Form Plugin for WordPress – WP Easy Contact | Medium | 6.4 | 2025-06-04 04:22:42 | Deep Dive |
| CVE-2025-4659 | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure | crmperks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | Medium | 5.3 | 2025-05-30 05:23:20 | Deep Dive |
| CVE-2025-5055 | Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting | edgarrojas | Smart Forms – when you need more than just a contact form | Medium | 4.4 | 2025-05-24 02:23:04 | Deep Dive |
| CVE-2025-48245 | WordPress Quick Contact Form plugin <= 8.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | Saad Iqbal | Quick Contact Form | High | 7.1 | 2025-05-23 12:43:17 | Deep Dive |
| CVE-2025-3201 | Kali Forms < 2.4.3 - Contributor+ Stored XSS | Unknown | Contact Form builder with drag & drop for WordPress | - | - | 2025-05-16 06:00:04 | Deep Dive |
| CVE-2024-12716 | Simple Basic Contact Form < 20250114 - Admin+ Stored XSS | Unknown | Simple Basic Contact Form | - | - | 2025-05-15 20:06:54 | Deep Dive |