What the vulnerability does
01Description
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4.
Explanation of Vulnerability in Simple Terms
02Summary
The Contact Form & Lead Form Elementor Builder plugin for WordPress does not properly validate user permissions before allowing form submissions and modifications. An attacker can submit forms or alter form data by tricking a site visitor into clicking a malicious link. This affects versions up to 1.8.4 and can result in unauthorized data changes or form tampering.
What an attacker can do
03Attacker Capabilities
Submit forms or modify form data without proper authorization by tricking a user into clicking a link.
Potential impact on your site
04Site Impact
Form submissions may be altered or spoofed, and form data integrity cannot be guaranteed without updating the plugin.
Conditions required to exploit
05Prerequisites
User interaction required; attacker must trick a site visitor into clicking a malicious link or visiting a crafted page.
Key dates
06Disclosure timeline
June 11, 2026
CVE published
June 11, 2026
Record updated