CVE-2026-4257
- EPSS 19.61%
- Published 30.03.2026 21:26:10
- Last modified 01.04.2026 14:24:02
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig `Twig_Loader_Strin...
CVE-2024-13452
- EPSS 0.2%
- Published 16.04.2025 02:12:04
- Last modified 15.04.2026 00:35:42
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for una...
CVE-2024-48042
- EPSS 0.48%
- Published 16.10.2024 13:15:13
- Last modified 15.04.2026 00:35:42
Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection. This issue affects Contact Form by Supsystic: from n/a through <= 1.7.28.
CVE-2023-45068
- EPSS 0.05%
- Published 12.10.2023 13:15:11
- Last modified 21.11.2024 08:26:19
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.
CVE-2023-2528
- EPSS 0.16%
- Published 17.05.2023 00:15:09
- Last modified 08.04.2026 17:16:56
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unaut...
CVE-2021-24276
- EPSS 8.37%
- Published 05.05.2021 19:15:08
- Last modified 21.11.2024 05:52:44
The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.