CVE-2026-32532

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...

CVE-2026-32532 WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...

CVE-2025-68046

CVE-2025-68046 : Exposure of embedded sensitive data in WordPress plugin “ThemeHunk Contact Form & Lead Form Elementor Builder” (lead-form-builder)

WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.9.1 is vulnerable to Content Injection

Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4261 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5d051149eabf Credits stealthcopter...

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.8.9 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Duc Manh in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.8.9...

WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.7.3 - Multiple Subscriber+ Settings Update vulnerabilities

Multiple Subscriber+ Settings Update vulnerabilities discovered by Yoru Oni in WordPress Contact Form & Lead Form Elementor Builder plugin versions = 1.7.3. Solution Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version at least 1.7.4...

WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.6.9 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Cross-Site Scripting XSS vulnerabilities discovered by Yoru Oni in WordPress Contact Form & Lead Form Elementor Builder plugin versions = 1.6.9. Solution Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version at least 1.7.0...

CVE-2021-24967 Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads...