CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48037 – WordPress Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table plugin <= 1.4.2 - CSRF vulnerability
https://notcve.org/view.php?id=CVE-2024-48037
09 Oct 2024 — Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.4.2. The Contact Form Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'delete-contact-query' case in the all-query-page.php file. This makes it possible for unauthenticated attackers to delate contact queries via ... • https://patchstack.com/database/vulnerability/new-contact-form-widget/wordpress-contact-form-widget-contact-query-contact-page-form-maker-query-table-plugin-1-4-2-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34754 – WordPress Contact Form Widget plugin <= 1.3.9 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34754
14 May 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Contact Form Widget.This issue affects Contact Form Widget: from n/a through 1.3.9. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en A WP Life Contact Form Widget. Este problema afecta a Contact Form Widget: desde n/a hasta 1.3.9. The Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table plugin for WordPress is vulnerable to Sensitive Information Exposure in all ver... • https://patchstack.com/database/vulnerability/new-contact-form-widget/wordpress-contact-form-widget-plugin-1-3-9-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •