Contact Form by WPForms — Vulnerabilities & Security Advisories 4

All 4 CVE vulnerabilities found in Contact Form by WPForms, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-40764	WordPress Contact Form by WPForms plugin <= 1.10.0.2 - Cross Site Request Forgery (CSRF) vulnerability CWE-352	8.1	High	2026-04-15
CVE-2026-25339	WordPress Contact Form by WPForms plugin <= 1.9.8.7 - Sensitive Data Exposure vulnerability CWE-201	6.5	Medium	2026-03-25
CVE-2026-32446	WordPress Contact Form by WPForms plugin <= 1.9.9.3 - Broken Access Control vulnerability CWE-862	4.3	Medium	2026-03-13
CVE-2024-56276	WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability CWE-862	4.3	Medium	2025-01-07

All 4 known CVE vulnerabilities affecting Contact Form by WPForms with full Chinese analysis, references, and POCs where available.