| CVE-2025-67471 | WordPress Quick Contact Form plugin <= 8.2.5 - Cross Site Request Forgery (CSRF) vulnerability | Saad Iqbal | Quick Contact Form | Medium | 4.3 | 2025-12-09 14:13:56 | Deep Dive |
| CVE-2025-13748 | Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 5.3 | 2025-12-06 06:39:09 | Deep Dive |
| CVE-2025-13696 | Zigaform <= 7.6.5 - Unauthenticated Form Submission Data Disclosure in rocket_front_payment_seesummary AJAX Endpoint | softdiscover | Zigaform – Price Calculator & Cost Estimation Form Builder Lite | Medium | 5.3 | 2025-12-02 07:24:31 | Deep Dive |
| CVE-2025-13140 | SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion | devsoftbaltic | SurveyJS: Drag & Drop Form Builder | Medium | 4.3 | 2025-12-02 06:40:25 | Deep Dive |
| CVE-2025-13318 | Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter | codepeople | Booking Calendar Contact Form | Medium | 5.3 | 2025-11-22 08:30:30 | Deep Dive |
| CVE-2025-13384 | CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation | codepeople | CP Contact Form with PayPal | High | 7.5 | 2025-11-22 07:29:20 | Deep Dive |
| CVE-2025-66079 | WordPress Gutenverse Form plugin <= 2.2.0 - Broken Access Control vulnerability | Jegstudio | Gutenverse Form | Medium | 6.5 | 2025-11-21 12:29:57 | Deep Dive |
| CVE-2025-13159 | Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload | flothemesplugins | Flo Forms – Easy Drag & Drop Form Builder | High | 7.1 | 2025-11-21 07:31:52 | Deep Dive |
| CVE-2025-12535 | SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-11-19 06:45:26 | Deep Dive |
| CVE-2025-12761 | Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116 | Drupal | Simple multi step form | - | - | 2025-11-18 16:56:14 | Deep Dive |
| CVE-2025-12528 | Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload | genetechproducts | Pie Forms — Drag & Drop Form Builder | High | 8.1 | 2025-11-18 08:27:31 | Deep Dive |
| CVE-2025-64369 | WordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerability | codepeople | Contact Form Email | Medium | 6.5 | 2025-11-13 09:24:33 | Deep Dive |
| CVE-2025-12536 | SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-11-13 03:27:39 | Deep Dive |
| CVE-2025-12167 | Contact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization to Authenticated (Subscriber+) Log Reset | rnzo | Connect Contact Form 7 and AWeber | Medium | 4.3 | 2025-11-08 03:27:45 | Deep Dive |
| CVE-2025-11499 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload | essekia | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | Critical | 9.8 | 2025-11-01 06:40:37 | Deep Dive |
| CVE-2015-10147 | Easy Testimonial Slider and Form <= 1.0.2 - Authenticated (Admin+) SQL injection | nik00726 | Easy Testimonial Slider and Form | Medium | 4.9 | 2025-10-29 09:27:58 | Deep Dive |
| CVE-2025-4665 | WordPress plugin Contact Form CFDB7 security vulnerability | WordPress Contact Form 7 Database Addon CFDB7 By Arshid | CFDB7 | Critical | 9.6 | 2025-10-28 23:54:29 | Deep Dive |
| CVE-2025-62915 | WordPress SMS Contact Form 7 Notifications by ClickSend plugin <= 1.4.0 - Broken Access Control vulnerability | clicksend | SMS Contact Form 7 Notifications by ClickSend | Medium | 4.3 | 2025-10-27 01:33:55 | Deep Dive |
| CVE-2025-62896 | WordPress Multilang Contact Form plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability | digitaldonkey | Multilang Contact Form | High | 7.1 | 2025-10-27 01:33:49 | Deep Dive |
| CVE-2025-10694 | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure | smub | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | Medium | 5.3 | 2025-10-25 05:31:23 | Deep Dive |