Contact Form by WPForms
Syed Balkhi
Developer
1.9.8.4
Latest version
6,000,000
Installations
Nov 6, 2025
Last updated
Vulnerability history
0 present
14 fixed
1 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter vulnerability<= 1.9.5May 9, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter vulnerability<= 1.9.3.1Feb 3, 2025
- Broken Access Control vulnerability<= 1.9.2.2Jan 3, 2025
- Admin+ Stored XSS vulnerability< 1.9.2.3Dec 26, 2024
- Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation vulnerability1.8.4-1.9.2.1Dec 9, 2024
- Admin+ Stored XSS vulnerability< 1.9.1.6Nov 25, 2024
- Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion vulnerability<= 1.9.1.6Nov 12, 2024
- Unauthenticated Price Manipulation vulnerability<= 1.8.7.2May 2, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 1.8.1.2Jun 20, 2023
- Authenticated Arbitrary File Access vulnerability<= 1.7.5.3Sep 19, 2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 1.6.0.1Jul 1, 2020
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 1.5.8.2Mar 5, 2020
- Unauthenticated Cross-Site Scripting (XSS) vulnerability<= 1.4.8Dec 10, 2018
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 1.4.7Dec 7, 2018