CVE-2024-10475
📋 TL;DR
This vulnerability allows WordPress administrators to inject malicious scripts into plugin settings, which then execute in other users' browsers when they view affected pages. It affects WordPress sites using the Responsive Contact Form Builder & Lead Generation Plugin before version 1.9.8, particularly in multisite configurations where unfiltered_html is restricted.
💻 Affected Systems
- Responsive Contact Form Builder & Lead Generation Plugin for WordPress
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker with admin privileges could steal session cookies, redirect users to malicious sites, or perform actions on behalf of authenticated users, potentially leading to full site compromise.
Likely Case
Malicious admin injects JavaScript that steals user session cookies or redirects users to phishing pages when they view contact forms.
If Mitigated
With proper user access controls and regular admin auditing, impact is limited to potential data leakage from users viewing injected forms.
🎯 Exploit Status
Exploitation requires admin privileges. Attack is stored XSS that persists in plugin settings.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.9.8
Vendor Advisory: https://wpscan.com/vulnerability/faca59fb-6b59-45b0-8b97-c4125d9d3cb3/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Go to Plugins → Installed Plugins. 3. Find 'Responsive Contact Form Builder & Lead Generation Plugin'. 4. Click 'Update Now' if available. 5. If no update appears, manually download version 1.9.8+ from WordPress.org and replace plugin files.
🔧 Temporary Workarounds
Remove Plugin
allTemporarily disable or remove the vulnerable plugin until patched
wp plugin deactivate responsive-contact-form-builder
wp plugin delete responsive-contact-form-builder
Restrict Admin Access
allTemporarily restrict admin panel access to trusted users only
🧯 If You Can't Patch
- Implement strict admin user access controls and monitoring
- Use web application firewall with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Responsive Contact Form Builder & Lead Generation Plugin' version numberCheck Version:
wp plugin get responsive-contact-form-builder --field=versionVerify Fix Applied:
Verify plugin version is 1.9.8 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual admin user modifying plugin settings
- JavaScript payloads in plugin option values
Network Indicators:
- Unexpected JavaScript loading from contact form pages
- External script calls from form submissions
SIEM Query:
source="wordpress" AND (event="plugin_updated" OR event="option_updated") AND plugin="responsive-contact-form-builder"