Threat Entry Updated 2025-06-09

CVE-2024-10475 - Contact Form Lead Form Elementor Builder Plugin

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Contact Form Lead Form Elementor Builder

CVE-2024-10475

MEDIUM CVSS 4.8 2025-05-15

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-08

CVE-2024-3637 - Contact Form Lead Form Elementor Builder Plugin

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Contact Form Lead Form Elementor Builder

CVE-2024-3637

MEDIUM CVSS 6.1 2024-05-03

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24967 - Contact Form Lead Form Elementor Builder Plugin

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads

PLUGIN Contact Form Lead Form Elementor Builder

CVE-2021-24967

MEDIUM CVSS 6.1 2021-12-27

Risk Score

Open Full Technical Breakdown