Vulnerabilities and security researches formega-forms mega-forms

Jun 07, 2024

CVE, Research URL: CVE-2022-40191
Home page URL: Security reports for Contact Form By Mega Forms – Drag and Drop Form Builder
Application: Contact Form By Mega Forms – Drag and Drop Form Builder
Date: Sep 09, 2022
Research Description: Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.
Affected versions: Min -, max -.
Status: vulnerable

Sep 05, 2025

CVE, Research URL: CVE-2025-58639
Home page URL: Security reports for Contact Form By Mega Forms – Drag and Drop Form Builder
Application: Contact Form By Mega Forms – Drag and Drop Form Builder
Date: Sep 03, 2025
Research Description: Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form By Mega Forms: from n/a through 1.6.1.
Affected versions: Min -, max -.
Status: vulnerable