Cross-Site Request Forgery Vulnerability in Contact Form by Supsystic for WordPress
CVE-2024-13452
6.1 MEDIUM
What is CVE-2024-13452?
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery because of insufficient nonce validation in its saveAsCopy function. An unauthenticated attacker who can deceive a site administrator into following a malicious link can perform unauthorized actions, potentially altering settings and injecting malicious scripts.
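The pattern a state-changing admin action such as a save-as-copy handler needs, shown as an added example that is not the plugin's own code: the admin form carries a nonce, and the handler checks capability and nonce before changing anything. All function names, the action name, the nonce field and the `example_forms` option are hypothetical; only the WordPress core calls are real.

```php
<?php
// Added illustration with hypothetical names; not the Supsystic plugin's code.
const EXAMPLE_COPY_NONCE = 'example_form_save_as_copy'; // one action string per operation

// Admin screen: emit the form with a nonce bound to the current user and session.
function example_render_copy_form( $form_id ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-ajax.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_save_as_copy">';
    echo '<input type="hidden" name="form_id" value="' . absint( $form_id ) . '">';
    wp_nonce_field( EXAMPLE_COPY_NONCE, '_example_nonce' );
    echo '<button type="submit">Save as copy</button></form>';
}

// Hook only wp_ajax_ (logged-in users); never wp_ajax_nopriv_ for admin actions.
add_action( 'wp_ajax_example_save_as_copy', 'example_handle_save_as_copy' );

function example_handle_save_as_copy() {
    // Authorization first: a nonce proves intent, not privilege.
    // wp_send_json_error() sends the response and ends the request.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    // CSRF check, read from the POST body only, so a crafted link (GET) never passes.
    $nonce = isset( $_POST['_example_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['_example_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, EXAMPLE_COPY_NONCE ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }
    $form_id = isset( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : 0;
    $copy_id = example_copy_form( $form_id );
    if ( 0 === $copy_id ) {
        wp_send_json_error( array( 'message' => 'Unknown form' ), 404 );
    }
    wp_send_json_success( array( 'copy_id' => $copy_id ) );
}

// Constructed storage: forms live in one option, keyed by integer id starting at 1.
function example_copy_form( $form_id ) {
    $forms = get_option( 'example_forms', array() );
    if ( ! isset( $forms[ $form_id ] ) ) {
        return 0;
    }
    $copy = $forms[ $form_id ];
    // Re-sanitize copied text so stored markup is not carried into the new record.
    $copy['label']    = sanitize_text_field( ( $copy['label'] ?? '' ) . ' (copy)' );
    $new_id           = max( array_keys( $forms ) ) + 1;
    $forms[ $new_id ] = $copy;
    update_option( 'example_forms', $forms );
    return $new_id;
}
```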
Affected Version(s)
Contact Form by Supsystic * <= 1.7.29