CVE-2025-49069
- EPSS 0.03%
- Veröffentlicht 02.06.2025 18:49:25
- Zuletzt bearbeitet 04.06.2025 14:54:33
Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through 1.9.8.
CVE-2023-35051
- EPSS 0.27%
- Veröffentlicht 13.12.2024 15:15:15
- Zuletzt bearbeitet 19.03.2025 21:02:08
Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7.
CVE-2024-29117
- EPSS 0.13%
- Veröffentlicht 19.03.2024 15:15:09
- Zuletzt bearbeitet 18.03.2025 11:54:32
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS.This issue affects Contact Forms by Cimatti: from n/a through 1.7.0.
CVE-2023-2563
- EPSS 0.07%
- Veröffentlicht 13.06.2023 02:15:09
- Zuletzt bearbeitet 21.11.2024 07:58:50
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This ...
CVE-2021-24744
- EPSS 0.21%
- Veröffentlicht 25.10.2021 14:15:10
- Zuletzt bearbeitet 21.11.2024 05:53:40
The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the u...