CVE-2023-28789

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.5.4 versions...

CVE-2023-28781

Unauth. Stored Cross-Site Scripting XSS vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.5.4 versions...

CVE-2024-10521

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...

WordPress Contact Forms by Cimatti Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contact Forms by Cimatti Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-10521 Patch priority Low CVSS severity Low 4.3 Developer Cimatti Consulting PSID 2351691c2ff2 Credits vgo0...

CVE-2023-47230

Cross-Site Request Forgery CSRF vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.6.0 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.6.0 versions...

CVE-2023-47230

CVE-2023-47230 concerns the WordPress plugin “WordPress Contact Forms by Cimatti” (Cimatti Consulting) up to version ≤ 1.6.0. The connected documents confirm a Cross-Site Request Forgery (CSRF) vulnerability due to missing CSRF protections in the plugin, enabling potential unauthorized actions to...

WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contact Forms by Cimatti Type Plugin Vulnerable versions = 1.6.0 Fixed in 1.6.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47230 Patch priority Low CVSS severity Low 5.4 Developer Cimatti Consulting PSID 415f09b860a2 Credits thiennv...

WordPress Contact Forms by Cimatti Plugin <= 1.5.7 is vulnerable to Broken Access Control

Software Contact Forms by Cimatti Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-35051 Patch priority Low CVSS severity Low 5.4 Developer Cimatti Consulting PSID df5ca4f315dc Credits Abdi Pranata...

CVE-2023-28781

CVE-2023-28781 corresponds to an unauthenticated stored XSS in WordPress Contact Forms by Cimatti (Cimatti Consulting) plugin, affected versions

WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software Contact Forms by Cimatti Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28781 Patch priority Medium CVSS severity Medium 7.1 Developer Cimatti Consulting PSID 6a3a28e27c2a Credits thien...

WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software Contact Forms by Cimatti Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28789 Patch priority Medium CVSS severity Medium 7.1 Developer Cimatti Consulting PSID 1fd073a7aa0a Credits thien...

WordPress Contact Forms by Cimatti plugin <= 1.4.11 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez, Sebastian Cruz Cardona in WordPress Contact Forms by Cimatti plugin versions = 1.4.11. Solution Update the WordPress Contact Forms by Cimatti plugin to the latest available version at least 1.4.12...