Vulnerabilities > Themehunk > Contact Form Lead Form Elementor Builder
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2022-23179 | Cross-site Scripting vulnerability in Themehunk Contact Form & Lead Form Elementor Builder The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
| 2024-01-16 | CVE-2022-23180 | Missing Authorization vulnerability in Themehunk Contact Form & Lead Form Elementor Builder The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings | 4.3 |
| 2021-12-27 | CVE-2021-24967 | Unspecified vulnerability in Themehunk Contact Form & Lead Form Elementor Builder The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads | 6.1 |