The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. These actions may result in form deletion, and lead signup as well as file upload.
Advisories
Source ID Title
EUVD EUVD EUVD-2024-17169 The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. These actions may result in form deletion, and lead signup as well as file upload.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 25 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress responsive Contact Form Builder Lead Generation
CPEs cpe:2.3:a:wordpress:responsive_contact_form_builder_lead_generation:-:*:*:*:*:*:*:*
Vendors & Products Wordpress
Wordpress responsive Contact Form Builder Lead Generation
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2024-08-01T18:40:21.120Z

Reserved: 2024-02-09T18:26:07.762Z

Link: CVE-2024-1415

cve-icon Vulnrichment

Updated: 2024-08-01T18:40:21.120Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-02T17:15:11.080

Modified: 2024-11-21T08:50:32.330

Link: CVE-2024-1415

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.