The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Metrics
Affected Vendors & Products
References
History
Mon, 09 Jun 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Themehunk
Themehunk contact Form \& Lead Form Elementor Builder |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:themehunk:contact_form_\&_lead_form_elementor_builder:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Themehunk
Themehunk contact Form \& Lead Form Elementor Builder |
Tue, 20 May 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Thu, 15 May 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |
Title | Lead Form Builder < 1.9.8 - Admin+ Stored XSS | |
References |
|

Status: PUBLISHED
Assigner: WPScan
Published: 2025-05-15T20:06:43.490Z
Updated: 2025-05-20T19:40:42.456Z
Reserved: 2024-10-28T18:41:06.625Z
Link: CVE-2024-10475

Updated: 2025-05-19T19:49:15.345Z

Status : Analyzed
Published: 2025-05-15T20:15:33.207
Modified: 2025-06-09T18:17:46.647
Link: CVE-2024-10475

No data.