Contact Form & Lead Form Elementor Builder
Approved changes feed: RSS · Atom
cpe:2.3:a:themehunk:contact_form_\&_lead_form_elementor_builder:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Themehunk (b3cb38a5-b275-5673-a051-0d6ce3409958) |
|---|---|
| Product | Contact Form & Lead Form Elementor Builder (69a8e882-7be2-583e-8ee5-6093a5ff74ea) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-3637 |
vulnerable | 2026-06-03 14:56:31.545225 |
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Published: 2024-05-03T06:00:02.151Z
Updated: 2025-03-20T13:29:13.546Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10475 |
vulnerable | 2026-06-03 14:54:11.809295 |
Lead Form Builder < 1.9.8 - Admin+ Stored XSS
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2025-05-15T20:06:43.490Z
Updated: 2025-05-20T19:40:42.456Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-23180 |
vulnerable | 2026-06-03 14:46:26.643525 |
Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings
Published: 2024-01-16T15:52:09.047Z
Updated: 2025-06-16T18:03:39.592Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-23179 |
vulnerable | 2026-06-03 14:46:26.643020 |
Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Published: 2024-01-16T15:52:09.488Z
Updated: 2026-01-09T21:03:33.289Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24967 |
vulnerable | 2026-06-03 14:44:04.114559 |
Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads
Published: 2021-12-27T10:33:21.000Z
Updated: 2024-08-03T19:49:14.104Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.