| CVE-2026-1307 | Ninja Forms <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.5 | 2026-03-28 06:46:09 | Deep Dive |
| CVE-2026-32527 | WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability | CRM Perks | WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | 中危 | - | 2026-03-25 16:15:09 | Deep Dive |
| CVE-2026-25430 | WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability | CRM Perks | Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 6.5 | 2026-03-25 16:14:49 | Deep Dive |
| CVE-2026-2568 | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting | crmperks | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | High | 7.2 | 2026-03-03 09:24:12 | Deep Dive |
| CVE-2026-2268 | Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action | kstover | Ninja Forms – The Contact Form Builder That Grows With You | High | 7.5 | 2026-02-10 09:26:05 | Deep Dive |
| CVE-2025-11924 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token | kstover | Ninja Forms – The Contact Form Builder That Grows With You | High | 7.5 | 2025-12-17 06:42:31 | Deep Dive |
| CVE-2025-67468 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability | CRM Perks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | Medium | 4.3 | 2025-12-09 14:13:56 | Deep Dive |
| CVE-2025-10498 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2025-09-27 02:25:14 | Deep Dive |
| CVE-2025-10499 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2025-09-27 02:25:13 | Deep Dive |
| CVE-2025-7697 | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function | crmperks | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | Critical | 9.8 | 2025-07-19 04:23:03 | Deep Dive |
| CVE-2025-7696 | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function | crmperks | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | Critical | 9.8 | 2025-07-19 04:23:02 | Deep Dive |
| CVE-2025-5398 | Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.4 | 2025-06-27 09:23:19 | Deep Dive |
| CVE-2025-4659 | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure | crmperks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | Medium | 5.3 | 2025-05-30 05:23:20 | Deep Dive |
| CVE-2025-32269 | WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | CRM Perks | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | Medium | 4.3 | 2025-04-04 15:59:43 | Deep Dive |
| CVE-2025-30863 | WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability | CRM Perks | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.3 | 2025-03-27 10:55:33 | Deep Dive |
| CVE-2024-13470 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.4 | 2025-01-30 07:23:05 | Deep Dive |
| CVE-2025-24708 | WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | CRM Perks | WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | High | 7.1 | 2025-01-27 14:22:18 | Deep Dive |
| CVE-2024-12238 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.3 | 2024-12-29 05:22:54 | Deep Dive |
| CVE-2024-11052 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations | kstover | Ninja Forms – The Contact Form Builder That Grows With You | High | 7.2 | 2024-12-12 05:24:24 | Deep Dive |
| CVE-2024-3866 | Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.7 | 2024-09-25 06:49:02 | Deep Dive |