8 matches found
CVE-2023-47230
CVE-2023-47230 concerns the WordPress plugin “WordPress Contact Forms by Cimatti” (Cimatti Consulting) up to version ≤ 1.6.0. The connected documents confirm a Cross-Site Request Forgery (CSRF) vulnerability due to missing CSRF protections in the plugin, enabling potential unauthorized actions to...
CVE-2024-30549
CVE-2024-30549 is an stored XSS in Cimatti Contact Forms (WordPress plugin) up to version 1.8.0, caused by improper neutralization of input during web page generation. The Red Hat advisory restates the vulnerability description, confirming the issue exists in Cimatti Contact Forms. Public exploit...
CVE-2024-10521
CVE-2024-10521 affects WordPress Contact Forms by Cimatti (WordPress plugin). It is a Cross-Site Request Forgery vulnerability caused by missing or incorrect nonce validation in the process_bulk_action function, allowing unauthenticated attackers to delete forms via forged requests if a site admi...
CVE-2024-29117
CVE-2024-29117 is a WordPress vulnerability in the WordPress Contact Forms by Cimatti plugin. Connected sources confirm an unauthenticated Stored Cross‑Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation, affecting Cimatti Contact Forms by Cimatti versi...
CVE-2023-35051
CVE-2023-35051 affects the WordPress plugin Contact Forms by Cimatti (≤ 1.5.7). It is a Broken Access Control issue caused by missing authorization checks, enabling improper access. Patchstack documents a fix in 1.5.8; upgrade to 1.5.8 or newer to mitigate. CVSSv3.1 from Patchstack is 5.4 (MEDIUM...
CVE-2024-12184
CVE-2024-12184 affects the WordPress plugin WordPress Contact Forms by Cimatti. It exposes an unauthorized data access flaw caused by a missing capability check in accua_forms_download_submitted_file() that applies to all versions up to 1.9.4, enabling unauthenticated attackers to download other ...
CVE-2023-28789
CVE-2023-28789 affects the WordPress plugin Contact Forms by Cimatti (
CVE-2023-28781
CVE-2023-28781 corresponds to an unauthenticated stored XSS in WordPress Contact Forms by Cimatti (Cimatti Consulting) plugin, affected versions