Cross-Site Request Forgery Vulnerability in Contact Form by Supsystic for WordPress
CVE-2024-13452

6.1 MEDIUM

Key Information:

Vendor: Supsysticcom
Product: Contact Form By Supsystic
CVE Published: 16 April 2025

Summary

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery because of insufficient nonce validation in its saveAsCopy function. The flaw lets an unauthenticated attacker have unauthorized actions performed, potentially altering settings and injecting malicious scripts, if they can deceive a site administrator into following a malicious link.

Affected Version(s)

Contact Form by Supsystic * <= 1.7.29

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tim Coen