CVE-2026-40764

A CSRF vulnerability in the WordPress plugin Contact Form by WPForms (package wpforms-lite ) affects versions ≤ 1.10.0.2. The issue is described as a Cross-Site Request Forgery vulnerability that allows unauthorized actions to be performed in the context of an authenticated user. The connected do...

CVE-2026-25339

CVE-2026-25339 concerns the WordPress plugin WPForms Lite (Contact Form by WPForms)

CVE-2026-32446 WordPress Contact Form by WPForms plugin <= 1.9.9.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through = 1.9.9.3...

WordPress plugin Contact Form by WPForms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

WordPress Contact Form by WPForms plugin <= 1.6.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Fortinet in WordPress Contact Form by WPForms plugin versions = 1.6.0.1. Solution Update the WordPress Contact Form by WPForms plugin to the latest available version at least 1.6.0.2...