cleantalk
Vulnerabilities and Security Researches

Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms, CVE-2025-68590

CVE, Research URL

CVE-2025-68590

Home page URL

Security reports for Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms

Application

Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms

Published on
Dec 24, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2.
Affected versions
max 1.4.2.
Status
vulnerable
Previous vulnerability researches
Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2026-24559) , Jan 27, 2026
Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-68590) , Jan 10, 2026
Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms (56cb8480-1791-4990-8fc7-2cb98a10c207) , Jun 06, 2024
Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2024-34756) , Jun 06, 2024
Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2023-31095) , Jun 06, 2024
New vulnerability
WebMan Amplifier (CVE-2025-62757) , Jan 28, 2026
User Registration Using Contact Form 7 (CVE-2025-12825) , Jan 28, 2026
WANotifier &#8211; Send Message Notifications Using Cloud API (CVE-2025-68020) , Jan 28, 2026
Syntax Highlighter Compress (CVE-2025-68859) , Jan 28, 2026
Media Library File Size (CVE-2026-24569) , Jan 28, 2026