Vulnerabilities and security researches forsb-elementor-contact-form-db sb-elementor-contact-form-db

Jun 07, 2024

CVE, Research URL: CVE-2022-2116
Home page URL: Security reports for Contact Form DB – Elementor
Application: Contact Form DB – Elementor
Date: Aug 15, 2022
Research Description: The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
Affected versions: max 1.8.0.
Status: vulnerable

CVE, Research URL: CVE-2021-3133
Home page URL: Security reports for Contact Form DB – Elementor
Application: Contact Form DB – Elementor
Date: Jan 13, 2021
Research Description: The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.
Affected versions: max 1.6.
Status: vulnerable

Feb 28, 2026

CVE, Research URL: CVE-2026-25320
Home page URL: Security reports for Contact Form DB – Elementor
Application: Contact Form DB – Elementor
Date: Feb 19, 2026
Research Description: Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3.
Affected versions: max 2.1.3.
Status: vulnerable