Vulnerabilities and security researches forhls-crm-form-shortcode hls-crm-form-shortcode

Jan 11, 2026

CVE, Research URL: CVE-2025-12696
Home page URL: Security reports for HelloLeads CRM Form Shortcode
Application: HelloLeads CRM Form Shortcode
Date: Dec 14, 2025
Research Description: The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them
Affected versions: max 1.0.
Status: vulnerable