6 matches found
CVE-2024-10521
CVE-2024-10521 affects WordPress Contact Forms by Cimatti (WordPress plugin). It is a Cross-Site Request Forgery vulnerability caused by missing or incorrect nonce validation in the process_bulk_action function, allowing unauthenticated attackers to delete forms via forged requests if a site admi...
CVE-2024-29117
CVE-2024-29117 is a WordPress vulnerability in the WordPress Contact Forms by Cimatti plugin. Connected sources confirm an unauthenticated Stored Cross‑Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation, affecting Cimatti Contact Forms by Cimatti versi...
CVE-2023-35051
CVE-2023-35051 affects the WordPress plugin Contact Forms by Cimatti (≤ 1.5.7). It is a Broken Access Control issue caused by missing authorization checks, enabling improper access. Patchstack documents a fix in 1.5.8; upgrade to 1.5.8 or newer to mitigate. CVSSv3.1 from Patchstack is 5.4 (MEDIUM...
CVE-2024-12184
CVE-2024-12184 affects the WordPress plugin WordPress Contact Forms by Cimatti. It exposes an unauthorized data access flaw caused by a missing capability check in accua_forms_download_submitted_file() that applies to all versions up to 1.9.4, enabling unauthenticated attackers to download other ...
CVE-2023-28789
CVE-2023-28789 affects the WordPress plugin Contact Forms by Cimatti (
CVE-2023-28781
CVE-2023-28781 corresponds to an unauthenticated stored XSS in WordPress Contact Forms by Cimatti (Cimatti Consulting) plugin, affected versions