Vulnerabilities and security researches forhappyforms happyforms

Jun 10, 2026

CVE, Research URL: CVE-2026-49768
Home page URL: Security reports for Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Application: Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Date: -
Research Description: Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms [happyforms] < 1.26.14 CVE-2026-49768
Affected versions: max 1.26.14.
Status: vulnerable

May 17, 2025

CVE, Research URL: CVE-2024-10054
Home page URL: Security reports for Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Application: Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Date: May 16, 2025
Research Description: The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 1.26.3.
Status: vulnerable

Sep 02, 2024

CVE, Research URL: CVE-2024-44063
Home page URL: Security reports for Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Application: Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Date: Sep 15, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.
Affected versions: max 1.26.1.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2024-23521
Home page URL: Security reports for Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Application: Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Date: Jun 11, 2024
Research Description: Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10.
Affected versions: max 1.25.11.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2023-48752
Home page URL: Security reports for Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Application: Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Date: Nov 30, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms: from n/a through 1.25.9.
Affected versions: max 1.25.10.
Status: vulnerable

CVE, Research URL: CVE-2023-0096
Home page URL: Security reports for Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Application: Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Date: Feb 07, 2023
Research Description: The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions: max 1.22.0.
Status: vulnerable