Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Contact Form Builder by vcita

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Contact Form Builder by vcita

Information

Software Type	Plugin
Software Slug	contact-form-with-a-meeting-scheduler-by-vcita (view on wordpress.org)
Software Status	Active
Software Author	eyale-vc
Software Website	www.vcita.com
Software Downloads	369,113
Software Active Installs	1,000
Software Record Last Updated	April 16, 2025

5 Vulnerabilities

Submit a Vulnerability

Contact Form Builder by vcita <= 4.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2025-32199

Apr 4, 2025

Researcher: theviper17y

Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode

6.4

CVE-2024-10056

Dec 4, 2024

Researcher: Peter Thaleikis

Contact Form Builder by vcita <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-2300

Jun 2, 2023

Researcher: Jonas Höbenreich

Contact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2023-2301

Jun 2, 2023

Researcher: Jonas Höbenreich

Contact Form and Calls To Action by vcita <= 4.10.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2023-2303

Jun 2, 2023

Researcher: Jonas Höbenreich

Title	Status	CVE ID	CVSS	Researchers	Date
Contact Form Builder by vcita <= 4.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	Unpatched	CVE-2025-32199	6.4	theviper17y	April 4, 2025
Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode	Patched	CVE-2024-10056	6.4	Peter Thaleikis	December 4, 2024
Contact Form Builder by vcita <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2023-2300	6.4	Jonas Höbenreich	June 2, 2023
Contact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	Patched	CVE-2023-2301	6.1	Jonas Höbenreich	June 2, 2023
Contact Form and Calls To Action by vcita <= 4.10.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	Patched	CVE-2023-2303	6.1	Jonas Höbenreich	June 2, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Contact Form Builder by vcita

Information

5 Vulnerabilities

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting