21 matches found
CVE-2024-10521
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to dele...
CVE-2024-12184
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to download...
CVE-2024-12184
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to download...
CVE-2024-12184
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to download...
CVE-2024-12184
CVE-2024-12184 affects the WordPress plugin WordPress Contact Forms by Cimatti. It exposes an unauthorized data access flaw caused by a missing capability check in accua_forms_download_submitted_file() that applies to all versions up to 1.9.4, enabling unauthenticated attackers to download other ...
CVE-2023-35051 WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in cimatti Contact Forms by Cimatti contact-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Forms by Cimatti: from n/a through <= 1.5.7...
CVE-2024-10521
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to dele...
CVE-2024-10521
CVE-2024-10521 affects WordPress Contact Forms by Cimatti (WordPress plugin). It is a Cross-Site Request Forgery vulnerability caused by missing or incorrect nonce validation in the process_bulk_action function, allowing unauthenticated attackers to delete forms via forged requests if a site admi...
WordPress Contact Forms by Cimatti Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.9.2; Fixed in: 1.9.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-10521; Patch priority: Low; CVSS severity: Low 4.3; Developer: Cimatti Consulting; PSID: 2351691c2ff2; Credits: vgo0...
WordPress Contact Forms by Cimatti Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.8.0; Fixed in: 1.9.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30549; Patch priority: Low; CVSS severity: Low 5.9; Developer: Cimatti Consulting; PSID: 4e21af5dfa9c; Credits: Joel Indra Required...
CVE-2024-29117 WordPress Contact Forms by Cimatti plugin <= 1.7.0 - Unauthenticated Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS. This issue affects Contact Forms by Cimatti: from n/a through 1.7.0...
CVE-2023-47230 WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions...
WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47230; Patch priority: Low; CVSS severity: Low 5.4; Developer: Cimatti Consulting; PSID: 415f09b860a2; Credits: thiennv...
CVE-2023-2563
CVE-2023-2563 relates to the WordPress plugin WordPress Contact Forms by Cimatti. It is a Cross-Site Request Forgery (CSRF) vulnerability in versions up to and including 1.5.7 caused by missing/incorrect nonce validation in the function _accua_forms_form_edit_action. This flaw allows unauthentica...
WordPress Contact Forms by Cimatti Plugin <= 1.5.7 is vulnerable to Broken Access Control
Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.5.7; Fixed in: 1.5.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-35051; Patch priority: Low; CVSS severity: Low 5.4; Developer: Cimatti Consulting; PSID: df5ca4f315dc; Credits: Abdi Pranata...
CVE-2023-28781
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions...
CVE-2023-28789 WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions...
CVE-2023-28781 WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions...
WordPress plugin Contact Forms by Cimatti cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.5.4; Fixed in: 1.5.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28781; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Cimatti Consulting; PSID: 6a3a28e27c2a; Credits: thien...