cleantalk
Vulnerabilities and Security Researches

Responsive Contact Form Builder & Lead Generation Plugin, CVE-2022-23179

CVE, Research URL

CVE-2022-23179

Home page URL

Security reports for Responsive Contact Form Builder & Lead Generation Plugin

Application

Responsive Contact Form Builder & Lead Generation Plugin

Published on
Jan 16, 2024
Research Description
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected versions
Min -, max 1.8.5.
Status
vulnerable
Previous vulnerability researches
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2022-23180) , Jun 07, 2024
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2022-23179) , Jun 07, 2024
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2024-3637) , Jun 07, 2024
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2024-1416) , Jun 07, 2024
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2024-1415) , Jun 07, 2024
New vulnerability
Dot html,php,xml etc pages (CVE-2025-48112) , May 18, 2025
Sharespine Woocommerce Connector (CVE-2025-48128) , May 18, 2025
Wishlist (CVE-2025-31063) , May 18, 2025
Wishlist (CVE-2025-31062) , May 18, 2025
WP-Members Membership Plugin (CVE-2025-4610) , May 18, 2025