PT-2026-40009

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through = 3.4.6...

CVE-2026-40764

Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through = 1.10.0.2...

CVE-2026-40764

Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through = 1.10.0.2...

CVE-2026-25339

Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data.This issue affects Contact Form by WPForms: from n/a through = 1.9.8.7...

CVE-2026-32446

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through = 1.9.9.3...

EUVD-2026-11991

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through = 1.9.9.3...

CVE-2026-32446

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through = 1.9.9.3...

EUVD-2023-34915

Malicious code in bioql PyPI...

CVE-2023-30500

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPForms WPForms Lite wpforms-lite, WPForms WPForms Pro wpforms plugins = 1.8.1.2 versions...

CVE-2025-3794 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the starttimestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping...

CVE-2025-3794 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the starttimestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping...

CVE-2025-3794

CVE-2025-3794 refers to WPForms Lite

WordPress WPForms Lite plugin <= 1.9.3.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpforms:contactform"; if description...

CVE-2024-13403

CVE-2024-13403 affects WPForms Lite for WordPress (versions up to and including 1.9.3.1). The vulnerability is a stored cross-site scripting flaw in the fieldHTML parameter caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated user with Contributor-...

CVE-2024-13403 WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping...

WordPress WPForms Lite plugin <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via fieldHTML Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form by WPForms versions = 1.9.3.1...

CVE-2024-56276 WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through 1.9.2.2...

CVE-2024-56276 WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through = 1.9.2.2...

CVE-2024-56276

CVE-2024-56276 is a Missing Authorization vulnerability in WPForms Contact Form (WPForms Lite) that affects Contact Form by WPForms: from n/a through 1.9.2.2. The root cause is misconfigured access control security levels, enabling unauthorized access to or manipulation of form-related functional...

WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Contact Form by WPForms versions = 1.9.2.2...