cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-2528,https://securityvulnerability.io/vulnerability/CVE-2023-2528,Cross-Site Request Forgery in Contact Form Plugin for WordPress by Supsystic,"The Contact Form by Supsystic plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in its AJAX action handler. This flaw allows unauthorized attackers to initiate AJAX actions if they can convince an administrator to interact with a malicious link. This vulnerability primarily impacts versions up to 1.7.24 of the plugin, exposing sites to potential unauthorized actions by attackers.",Wordpress,Contact Form by Supsystic,8.8,HIGH,0.0018700000364333391,false,,false,false,false,,false,false,2023-05-17T00:15:00.000Z,0
CVE-2021-24276,https://securityvulnerability.io/vulnerability/CVE-2021-24276,Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS),"The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue",Wordpress,Contact Form By Supsystic,6.1,MEDIUM,0.011119999922811985,false,,false,false,false,,false,false,2021-05-05T18:28:48.000Z,0