threat
engine
.sh
Back
·
··:··
Home
/
Product
/
fluentforms contact form
Product
fluentforms contact form
42 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-5730
< 1.1.29
The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high p
4.3
MEDIUM
CVE-2024-11273
< 2.6.0
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its
6.1
MEDIUM
CVE-2024-10646
< 5.2.7
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to St
7.2
HIGH
CVE-2024-9651
< 5.2.1
The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privileg
6.1
MEDIUM
CVE-2024-9528
< 5.1.20
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to St
4.9
MEDIUM
CVE-2024-5053
< 5.1.19
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to un
4.2
MEDIUM
CVE-2024-6703
< 5.1.20
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to St
4.9
MEDIUM
CVE-2024-6521
< 5.1.20
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to St
4.4
MEDIUM
CVE-2024-6520
< 5.1.20
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to St
4.4
MEDIUM
CVE-2024-6518
< 5.1.20
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to St
4.4
MEDIUM
CVE-2024-4157
< 5.1.16
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PH
7.5
HIGH
CVE-2024-4709
< 5.1.17
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to St
6.4
MEDIUM
CVE-2024-2782
< 5.1.17
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to un
7.5
HIGH
CVE-2024-2772
< 5.1.14
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to St
6.4
MEDIUM
CVE-2024-2771
< 5.1.17
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to pr
9.8
CRITICAL
CVE-2024-32147
< 1.1.25
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Form Plugin Team - GhozyLab
6.5
MEDIUM
CVE-2024-2200
< 4.2.9
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_s
6.1
MEDIUM
CVE-2023-6957
< 5.1.10
The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all ver
4.9
MEDIUM
CVE-2024-0618
<= 5.1.5
The Contact Form Plugin - Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to
4.4
MEDIUM
CVE-2023-24410
<= 4.3.25
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja
5.5
MEDIUM
CVE-2023-45068
<= 1.7.27
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.
5.4
MEDIUM
CVE-2023-44231
<= 2.0.10
Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions.
4.3
MEDIUM
CVE-2023-30500
<= 1.8.1.2
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms Lite (wpforms-lite), WPForms Pro (wpforms) p
5.8
MEDIUM
CVE-2019-25145
<= 2.5.1
The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-piratefo
7.2
HIGH
CVE-2023-2528
<= 1.7.24
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1
5.4
MEDIUM
CVE-2023-0546
< 4.3.25
The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it
5.4
MEDIUM
CVE-2014-125095
all versions
A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this is
3.5
LOW
CVE-2012-10010
all versions
A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntct
4.3
MEDIUM
CVE-2013-10022
all versions
A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress. Affecte
3.5
LOW
CVE-2022-3463
< 4.3.13
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, lea
9.8
CRITICAL
CVE-2017-20055
all versions
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. T
3.5
LOW
CVE-2021-24777
< 1.3
The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id para
7.2
HIGH
CVE-2021-34620
< 3.6.67
The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripti
8.8
HIGH
CVE-2021-24276
< 1.7.15
The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputt
6.1
MEDIUM
CVE-2020-10385
< 1.5.9
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for Wo
5.4
MEDIUM
CVE-2013-7481
< 3.3.5
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.
6.1
MEDIUM
CVE-2017-18491
< 4.0.6
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.
6.1
MEDIUM
CVE-2016-10869
< 4.0.2
The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.
6.1
MEDIUM
CVE-2015-9295
< 3.96
The contact-form-plugin plugin before 3.96 for WordPress has XSS.
6.1
MEDIUM
CVE-2013-7475
< 3.52
The contact-form-plugin plugin before 3.52 for WordPress has XSS.
6.1
MEDIUM
CVE-2017-2171
<= 4.0.5
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior
6.1
MEDIUM
CVE-2007-4612
all versions
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail he
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin