cleantalk
Vulnerabilities and Security Researches

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks, CVE-2026-42728

CVE, Research URL

CVE-2026-42728

Home page URL

Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Application

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Published on
May 27, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through <= 2.8.2.
Affected versions
max 2.8.3.
Status
vulnerable
Previous vulnerability researches
jQuery googleslides (CVE-2026-8866) , May 28, 2026
New vulnerability
ShopLentor – WooCommerce Builder for Elementor &amp; Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2026-6287) , May 28, 2026
PowerPress Podcasting plugin by Blubrry (CVE-2026-24637) , May 28, 2026
User Registration &#8211; Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2026-7651) , May 28, 2026
CRM WordPress Plugin &#8211; RepairBuddy (CVE-2026-24638) , May 28, 2026
PDF Flipbook, 3D Flipbook &#8211; DearFlip (CVE-2026-49047) , May 28, 2026