CVE-2026-1454

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...

CVE-2026-1454

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...

EUVD-2017-1642

Malware in sbrugna...

CVE-2025-29000 WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability

Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Multi-language Responsive Contact Form: from n/a through = 2.8...

CVE-2025-29000

CVE-2025-29000 refers to a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin “Multi-language Responsive Contact Form” (versions up to 2.8). Technical details across sources confirm the issue arises from access control not properly constraining certain functionali...

PT-2024-30062 · WordPress · Responsive Contact Form Builder & Lead Generation Plugin

Name of the Vulnerable Software and Affected Versions: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions up to, and including, 1.9.1 Description: The issue arises from the software's failure to properly validate a value before executing the do shortcode...

CVE-2024-3637

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2024-3637 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

PT-2024-18026 · WordPress · Responsive Contact Form Builder & Lead Generation Plugin

Name of the Vulnerable Software and Affected Versions: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions prior to 1.8.9 Description: The issue allows unauthorized access to functionality due to a missing capability check on several functions. This makes it...

WordPress rk-responsive-contact-form SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers. rk-responsive-contact-form is one of the responsive contact form plugin. A SQL injection vulnerability exists in...

CVE-2017-1002027

Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rkuserlist.php...

CVE-2017-1002027

CVE-2017-1002027 affects the WordPress plugin rk-responsive-contact-form v1.0. The root cause is SQL injection in rk_user_list.php where the parameter $delid is not sanitized before inclusion in a query. Public references describe this as an Authenticated Blind SQL Injection (WPVulndb) and the NV...

rk-responsive-contact-form 1.0 - Authenticated Blind SQL Injection

The rk-responsive-contact-form WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...