CYBERHAWK / CVE / CVE-2026-8901

CVE-2026-8901

HIGH CVSS 7.2 other

The flaw

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insuf

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-8901

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits