cleantalk
Vulnerabilities and Security Researches

Contact Form by WPForms – Drag & Drop Form Builder for WordPress, CVE-2026-40764

CVE, Research URL

CVE-2026-40764

Home page URL

Security reports for Contact Form by WPForms – Drag & Drop Form Builder for WordPress

Application

Contact Form by WPForms – Drag & Drop Form Builder for WordPress

Published on
Apr 15, 2026
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.
Affected versions
max 1.10.0.3.
Status
vulnerable
Previous vulnerability researches
Stripe Express (4b8502a4cf5209c95f7abee1405df2d2eac8a87d) , Jun 07, 2024
Stripe Express (CVE-2026-8893) , Jun 07, 2026
New vulnerability
WP Security Safe (CVE-2023-33999) , Jun 13, 2026
YouTube Easy Embed (Wall/Rail) (CVE-2023-33999) , Jun 13, 2026
Customer Order History for WooCommerce (CVE-2023-33999) , Jun 13, 2026
Availability datepicker &#8211; Integrate with Contact Form 7 and Divi (CVE-2023-33999) , Jun 13, 2026
Premmerce Variation Swatches for WooCommerce (CVE-2023-33999) , Jun 13, 2026