CVE-2026-32532 WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...

WordPress Lead Form Data Collection to CRM plugin elevation of privilege vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lead Form Data Collection to CRM plugin, which stems from a missing capability check in the function...

CVE-2025-5692 Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions

The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /includes/LBadminajax.php file in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...