WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.9.1 is vulnerable to Content Injection

Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4261 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5d051149eabf Credits stealthcopter...

WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.7.3 - Multiple Subscriber+ Settings Update vulnerabilities

Multiple Subscriber+ Settings Update vulnerabilities discovered by Yoru Oni in WordPress Contact Form & Lead Form Elementor Builder plugin versions = 1.7.3. Solution Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version at least 1.7.4...

WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.6.9 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Cross-Site Scripting XSS vulnerabilities discovered by Yoru Oni in WordPress Contact Form & Lead Form Elementor Builder plugin versions = 1.6.9. Solution Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version at least 1.7.0...

CVE-2021-24967 Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads...