VYPR

Wpforms Lite

by WordPress

Source repositories

CVEs (6)

  • CVE-2026-40764HigApr 15, 2026
    risk 0.53cvss 8.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.

  • CVE-2026-48835HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

  • CVE-2025-3794MedMay 9, 2025
    risk 0.35cvss 5.4epss 0.00

    The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the start_timestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input…

  • CVE-2026-7792MedJun 6, 2026
    risk 0.27cvss 5.3epss 0.00

    The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint…

  • CVE-2024-3649MedMay 2, 2024
    risk 0.27cvss 5.3epss 0.01

    The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to price manipulation in versions up to, and including, 1.8.7.2. This is due to a lack of controls on several product parameters. This makes it possible for unauthenticated…

  • CVE-2023-30500Jun 22, 2023
    risk 0.00cvss epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <= 1.8.1.2 versions.