cleantalk
Vulnerabilities and Security Researches

Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms, CVE-2026-24559

CVE, Research URL

CVE-2026-24559

Home page URL

Security reports for Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms

Application

Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms

Published on
Jan 23, 2026
Research Description
Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.3.
Affected versions
max 1.4.3.
Status
vulnerable
Previous vulnerability researches
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-24573) , Jan 26, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer &#8211; Drag and Drop website builder (CVE-2025-2104) , Mar 14, 2025
New vulnerability
weMail &#8211; Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin (CVE-2025-14348) , Jan 28, 2026
Jeg Elementor Kit (CVE-2025-14275) , Jan 28, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-69315) , Jan 28, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-12166) , Jan 28, 2026
Delay Redirects (CVE-2026-24632) , Jan 28, 2026