
CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Feb 2022 — The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings. • https://plugins.trac.wordpress.org/changeset/2670484 • CWE-862: Missing Authorization

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Jan 2022 — The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. • https://wpscan.com/vulnerability/90b8af99-e4a1-4076-99fa-efe805dd4be4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 12% • CPEs: 1 • EXPL: 1

29 Nov 2021 — The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against a logged-in admin viewing the inserted Leads. • https://wpscan.com/vulnerability/4e165122-4746-42de-952e-a3bf51393a74 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')