Contact form
This hub aggregates every CVE we track for Contact form, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
47
CVEs tracked
2
Critical
8
High
0
In CISA KEV
Severity distribution
MEDIUM34HIGH8LOW3CRITICAL2
Monthly trend
4
0
1
1
0
2
0
0
1
0
0
2
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Contact form.
- CVE-2025-5730Easy Contact Form Lite < 1.1.29 - Contributor+ Stored XSS4.3
- CVE-2025-30935WordPress Contact Form plugin <= 2.0.12 - Cross Site Scripting (XSS) Vulnerability6.5
- CVE-2024-11273Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS6.1
- CVE-2024-10646Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject7.2
- CVE-2024-9651Contact Form Plugin by Fluent Forms < 5.2.1 - Admin+ Stored XSS6.1
- CVE-2024-9528Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting4.9
- CVE-2024-5053Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification4.2
- CVE-2024-6703Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields4.9
- CVE-2024-6518Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting5.5
- CVE-2024-6520Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting5.5
- CVE-2024-6521Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting5.5
- CVE-2024-4157Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues7.5
- CVE-2024-4709Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting7.2
- CVE-2024-2772Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting6.4
- CVE-2024-2782Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation7.5
Product normalization is registry-driven with AI assist and human review. How it works