Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-02-24
CVE-2024-12184 - Wordpress Contact Forms Plugin
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to download other user submitted forms.
PLUGIN
Wordpress Contact Forms
CVE-2024-12184
Risk Score
Threat Entry
Updated 2025-03-19
CVE-2024-10521 - Wordpress Contact Forms Plugin
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Wordpress Contact Forms
CVE-2024-10521
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-47230 - Wordpress Contact Forms Plugin
Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin
PLUGIN
Wordpress Contact Forms
CVE-2023-47230
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-28789 - Wordpress Contact Forms Plugin
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin
PLUGIN
Wordpress Contact Forms
CVE-2023-28789
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-28781 - Wordpress Contact Forms Plugin
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin
PLUGIN
Wordpress Contact Forms
CVE-2023-28781
Risk Score