cleantalk
Vulnerabilities and Security Researches

Responsive Contact Form Builder & Lead Generation Plugin, CVE-2024-4261

CVE, Research URL

CVE-2024-4261

Home page URL

Security reports for Responsive Contact Form Builder & Lead Generation Plugin

Application

Responsive Contact Form Builder & Lead Generation Plugin

Published on
May 22, 2024
Research Description
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.
Affected versions
Min -, max 1.9.2.
Status
vulnerable
Previous vulnerability researches
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2022-23180) , Jun 07, 2024
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2022-23179) , Jun 07, 2024
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2024-3637) , Jun 07, 2024
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2024-1416) , Jun 07, 2024
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2024-1415) , Jun 07, 2024
New vulnerability
Dot html,php,xml etc pages (CVE-2025-48112) , May 18, 2025
Sharespine Woocommerce Connector (CVE-2025-48128) , May 18, 2025
Wishlist (CVE-2025-31063) , May 18, 2025
Wishlist (CVE-2025-31062) , May 18, 2025
WP-Members Membership Plugin (CVE-2025-4610) , May 18, 2025