Cross-Site Request Forgery in Contact Form Plugin for WordPress by Supsystic
CVE-2023-2528
8.8HIGH
What is CVE-2023-2528?
The Contact Form by Supsystic plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in its AJAX action handler. This flaw allows unauthorized attackers to initiate AJAX actions if they can convince an administrator to interact with a malicious link. This vulnerability primarily impacts versions up to 1.7.24 of the plugin, exposing sites to potential unauthorized actions by attackers.
Affected Version(s)
Contact Form by Supsystic * <= 1.7.24