cleantalk
Vulnerabilities and Security Researches

Contact Form by WPForms – Drag & Drop Form Builder for WordPress, CVE-2026-40764

CVE, Research URL

CVE-2026-40764

Home page URL

Security reports for Contact Form by WPForms – Drag & Drop Form Builder for WordPress

Application

Contact Form by WPForms – Drag & Drop Form Builder for WordPress

Published on
Apr 15, 2026
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.
Affected versions
max 1.10.0.3.
Status
vulnerable
Previous vulnerability researches
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-24573) , Jan 26, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2026-3297) , Jun 13, 2026
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2026-2470) , Jun 13, 2026
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
New vulnerability
WP Security Safe (CVE-2023-33999) , Jun 13, 2026
YouTube Easy Embed (Wall/Rail) (CVE-2023-33999) , Jun 13, 2026
Customer Order History for WooCommerce (CVE-2023-33999) , Jun 13, 2026
Availability datepicker &#8211; Integrate with Contact Form 7 and Divi (CVE-2023-33999) , Jun 13, 2026
Premmerce Variation Swatches for WooCommerce (CVE-2023-33999) , Jun 13, 2026