Supsystic Contact Form by Supsystic
Moderate fix1 remedy
cpe:2.3:a:supsystic:contact_form:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 1.7.29
Contact Form by Supsystic WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
Patched
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Contact Form by Supsystic plugin for WordPress, affecting all versions through 1.7.29. The vulnerability arises from inadequate nonce validation in the 'saveAsCopy' function, allowing unauthenticated attackers to manipulate settings and inject malicious scripts. Exploitation requires tricking a site administrator into clicking a link that initiates the forged request.
Impact
Exploitation of this vulnerability could lead to Cross-Site Scripting (XSS) attacks, where injected scripts are executed in the context of the user.
Reproduction
To reproduce this vulnerability, an attacker must send a forged request to the 'saveAsCopy' AJAX action without a valid nonce. This can be done by tricking an administrator into clicking a link that activates the request, such as through a phishing email or a compromised website comment.
Remediation
Users are advised to update the Contact Form by Supsystic plugin to version 1.7.30 or later.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
1.7exploitability
7.6remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.