CVE-2024-3637

Name of the Vulnerable Software and Affected Versions The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin versions 1.8.9 and earlier

Description The issue concerns the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible even when the unfiltered html capability is disallowed, for example, in a multisite setup.

Recommendations For versions 1.8.9 and earlier, update to a version that addresses this issue, as the current version does not properly sanitize and escape its settings, posing a risk of Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.