Cross-Site Request Forgery Vulnerability in Quick Contact Form by Saad Iqbal
CVE-2025-67471

8.8 HIGH

Key Information:

Vendor: WordPress
CVE Published: 9 December 2025

What is CVE-2025-67471?

The Quick Contact Form plugin developed by Saad Iqbal is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability lets an unauthorized party cause requests to be submitted on behalf of authenticated users without their consent. Affected versions run from an unspecified starting version through 8.2.5, exposing users to potential account hijacking or unintended actions. Users should update to the latest version and implement security measures to protect their websites.

Affected Version(s)

Quick Contact Form <= n/a

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Doan Dinh Van | Patchstack Bug Bounty Program