cleantalk
Vulnerabilities and Security Researches

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks, CVE-2026-42728

CVE, Research URL

CVE-2026-42728

Home page URL

Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Application

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Published on
May 27, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through <= 2.8.2.
Affected versions
max 2.8.3.
Status
vulnerable
Previous vulnerability researches
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2026-39564) , Apr 14, 2026
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2024-44038) , Sep 28, 2024
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2026-24994) , Feb 28, 2026
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2025-67973) , Feb 28, 2026
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2024-43971) , Sep 01, 2024
New vulnerability
Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification (CVE-2026-42731) , May 28, 2026
ShopLentor – WooCommerce Builder for Elementor &amp; Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2026-6287) , May 28, 2026
PowerPress Podcasting plugin by Blubrry (CVE-2026-24637) , May 28, 2026
User Registration &#8211; Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2026-7651) , May 28, 2026
CRM WordPress Plugin &#8211; RepairBuddy (CVE-2026-24638) , May 28, 2026