Mohamed Azarudheen

**Nome do software vulnerável e versões afetadas** O plugin do WordPress “Responsive Contact Form Builder & Lead Generation” nas versões 1.8.9 e anteriores **Descrição** O problema diz respeito à falta de sanitização e escapamento de algumas configurações no plugin, o que poderia permitir que usuários com privilégios elevados, como administradores, realizassem ataques de Stored Cross-Site Scripting. Isso é possível mesmo quando a capacidade unfiltered html está desativada, por exemplo, em uma configuração multisite. **Recomendações** Para as versões 1.8.9 e anteriores, atualize para uma versão que corrija este problema, pois a versão atual não sanitiza e escapa adequadamente suas configurações, representando um risco de ataques de Stored Cross-Site Scripting. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Contact Form Email WordPress plugin versions prior to 1.3.44 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 1.3.44, update to version 1.3.44 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Forminator WordPress plugin versions prior to 1.27.0 **Description** The issue arises from improper sanitization of the `redirect-url` field in form submission settings. This could allow high-privilege users, such as administrators, to inject arbitrary web scripts, even when the `unfiltered html` capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 1.27.0, update to version 1.27.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the form submission settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** User Registration WordPress plugin versions prior to 3.0.4.2 **Description** The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize and escape some of its settings, even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 3.0.4.2, update to version 3.0.4.2 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high-privilege users to modify plugin settings until the update is applied.