VYPR

Contact Form & Lead Form Elementor Builder

by WordPress

CVEs (3)

  • CVE-2021-24967MedDec 27, 2021
    risk 0.40cvss 6.1epss 0.01

    The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads

  • CVE-2022-23179MedJan 16, 2024
    risk 0.31cvss 4.8epss 0.01

    The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is…

  • CVE-2022-23180MedJan 16, 2024
    risk 0.21cvss 4.3epss 0.01

    The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings