Lucene search
K
CimattiWordpress Contact Forms

8 matches found

CVE
CVE
added 2023/11/13 12:7 a.m.87 views

CVE-2023-47230

CVE-2023-47230 concerns the WordPress plugin “WordPress Contact Forms by Cimatti” (Cimatti Consulting) up to version ≤ 1.6.0. The connected documents confirm a Cross-Site Request Forgery (CSRF) vulnerability due to missing CSRF protections in the plugin, enabling potential unauthorized actions to...

8.8CVSS7.1AI score0.0027EPSS
CVE
CVE
added 2024/03/31 7:59 p.m.70 views

CVE-2024-30549

CVE-2024-30549 is an stored XSS in Cimatti Contact Forms (WordPress plugin) up to version 1.8.0, caused by improper neutralization of input during web page generation. The Red Hat advisory restates the vulnerability description, confirming the issue exists in Cimatti Contact Forms. Public exploit...

5.9CVSS7.2AI score0.00342EPSS
CVE
CVE
added 2024/11/27 11:3 a.m.66 views

CVE-2024-10521

CVE-2024-10521 affects WordPress Contact Forms by Cimatti (WordPress plugin). It is a Cross-Site Request Forgery vulnerability caused by missing or incorrect nonce validation in the process_bulk_action function, allowing unauthenticated attackers to delete forms via forged requests if a site admi...

4.3CVSS4.3AI score0.00212EPSS
CVE
CVE
added 2024/03/19 2:52 p.m.56 views

CVE-2024-29117

CVE-2024-29117 is a WordPress vulnerability in the WordPress Contact Forms by Cimatti plugin. Connected sources confirm an unauthenticated Stored Cross‑Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation, affecting Cimatti Contact Forms by Cimatti versi...

7.1CVSS8.6AI score0.00398EPSS
CVE
CVE
added 2024/12/13 2:23 p.m.54 views

CVE-2023-35051

CVE-2023-35051 affects the WordPress plugin Contact Forms by Cimatti (≤ 1.5.7). It is a Broken Access Control issue caused by missing authorization checks, enabling improper access. Patchstack documents a fix in 1.5.8; upgrade to 1.5.8 or newer to mitigate. CVSSv3.1 from Patchstack is 5.4 (MEDIUM...

8.8CVSS5.1AI score0.00531EPSS
CVE
CVE
added 2025/02/01 3:21 a.m.52 views

CVE-2024-12184

CVE-2024-12184 affects the WordPress plugin WordPress Contact Forms by Cimatti. It exposes an unauthorized data access flaw caused by a missing capability check in accua_forms_download_submitted_file() that applies to all versions up to 1.9.4, enabling unauthenticated attackers to download other ...

5.3CVSS5.2AI score0.00377EPSS
CVE
CVE
added 2023/04/07 2:12 p.m.49 views

CVE-2023-28789

CVE-2023-28789 affects the WordPress plugin Contact Forms by Cimatti (

7.1CVSS6.1AI score0.00382EPSS
CVE
CVE
added 2023/04/07 2:8 p.m.45 views

CVE-2023-28781

CVE-2023-28781 corresponds to an unauthenticated stored XSS in WordPress Contact Forms by Cimatti (Cimatti Consulting) plugin, affected versions

7.1CVSS5.9AI score0.00382EPSS