Cross-Site Request Forgery Vulnerability in Contact Form by Supsystic for WordPress
CVE-2024-13452
6.1 MEDIUM
Key Information:
- Vendor: Supsysticcom
- Status
- Contact Form By Supsystic
- Vendor
- CVE Published: 16 April 2025
Summary
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery because of insufficient nonce validation in its saveAsCopy function. An unauthenticated attacker can use a forged request to perform unauthorized actions, potentially altering settings and injecting malicious scripts, provided they can deceive a site administrator into following a malicious link.
Affected Version(s)
Contact Form by Supsystic * <= 1.7.29
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tim Coen