Vulnerabilities and security researches forcontact-form-by-supsystic contact-form-by-supsystic

Jun 07, 2024

CVE, Research URL: CVE-2021-24276
Home page URL: Security reports for Contact Form by Supsystic
Application: Contact Form by Supsystic
Date: May 06, 2021
Research Description: The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-2528
Home page URL: Security reports for Contact Form by Supsystic
Application: Contact Form by Supsystic
Date: May 17, 2023
Research Description: The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-45068
Home page URL: Security reports for Contact Form by Supsystic
Application: Contact Form by Supsystic
Date: Oct 12, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.
Affected versions: Min -, max -.
Status: vulnerable

Oct 17, 2024

CVE, Research URL: CVE-2024-48042
Home page URL: Security reports for Contact Form by Supsystic
Application: Contact Form by Supsystic
Date: Oct 16, 2024
Research Description: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.
Affected versions: Min -, max -.
Status: vulnerable

Oct 18, 2024

CVE, Research URL: CVE-2024-48046
Home page URL: Security reports for Contact Form by Supsystic
Application: Contact Form by Supsystic
Date: Oct 17, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Supsystic Contact Form by Supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.
Affected versions: Min -, max -.
Status: vulnerable

Apr 17, 2025

CVE, Research URL: CVE-2024-13452
Home page URL: Security reports for Contact Form by Supsystic
Application: Contact Form by Supsystic
Date: Apr 16, 2025
Research Description: The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable