GCVE - cpe:2.3:a:supsystic:contact_form:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:supsystic:contact_form:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Supsystic (`31a63952-7184-5307-ada0-8934fe420f61`)
Product	Contact Form (`c04f082b-9b7f-55cc-8c01-09736914ee36`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-45068`	vulnerable	2026-06-03 14:53:07.409754	WordPress Contact Form by Supsystic Plugin <= 1.7.27 is vulnerable to Cross Site Request Forgery (CSRF) MEDIUM (5.4) Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions. Published: 2023-10-12T12:44:37.438Z Updated: 2026-04-28T16:08:42.944Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2528`	vulnerable	2026-06-03 14:51:43.324853	Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action MEDIUM (5.4) The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2023-05-16T23:35:31.193Z Updated: 2026-04-08T16:38:27.891Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/1c387b07-baf6-4c62-943e-4bd121160ceb?source=cve https://plugins.trac.wordpress.org/browser/contact-form-by-supsystic/trunk/classes/frame.php?rev=2777737#L297 https://plugins.trac.wordpress.org/browser/contact-form-by-supsystic/trunk/classes/frame.php?rev=2912584#L230	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24276`	vulnerable	2026-06-03 14:43:56.694979	Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS) The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue Published: 2021-05-05T18:28:48.000Z Updated: 2024-08-03T19:28:23.251Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c http://packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.