cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10521,https://securityvulnerability.io/vulnerability/CVE-2024-10521,Cross-Site Request Forgery Vulnerability in WordPress Contact Forms Plugin,"The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,WordPress Contact Forms By Cimatti,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-27T11:03:33.991Z,0
CVE-2023-47230,https://securityvulnerability.io/vulnerability/CVE-2023-47230,WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF),"The Contact Forms by Cimatti plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) attacks in versions up to 1.6.0. This vulnerability enables unauthorized actions to be performed on behalf of an authenticated user without their consent, potentially compromising the integrity of user data and system operations. It is vital for users of this plugin to apply the necessary updates to mitigate these security risks.",Wordpress,WordPress Contact Forms by Cimatti,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,2023-11-13T01:15:00.000Z,0
CVE-2023-2563,https://securityvulnerability.io/vulnerability/CVE-2023-2563,Cross-Site Request Forgery in Cimatti Contact Forms Plugin for WordPress,"The Cimatti Contact Forms plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) vulnerabilities due to inadequate nonce validation in the _accua_forms_form_edit_action function. This flaw allows unauthenticated attackers to craft malicious requests for deleting forms, potentially compromising the administrator's account by deceiving them into executing harmful actions, such as clicking on a crafted link.",Wordpress,WordPress Contact Forms By Cimatti,4.3,MEDIUM,0.0011399999493733048,false,,false,false,false,,false,false,2023-06-13T02:15:00.000Z,0
CVE-2023-28781,https://securityvulnerability.io/vulnerability/CVE-2023-28781,WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS),Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.,Wordpress,WordPress Contact Forms by Cimatti,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-04-07T15:15:00.000Z,0
CVE-2023-28789,https://securityvulnerability.io/vulnerability/CVE-2023-28789,WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS),Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.,Wordpress,WordPress Contact Forms by Cimatti,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-04-07T15:15:00.000Z,0
CVE-2021-24744,https://securityvulnerability.io/vulnerability/CVE-2021-24744,WordPress Contact Forms by Cimatti < 1.4.12 - Admin+ Stored Cross-Site Scripting,The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.,Wordpress,WordPress Contact Forms By Cimatti,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-10-25T13:20:51.000Z,0