WordPress Plugin Vulnerabilities

BigContact <= 1.5.8 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions.

Affects Plugins

Plugin icon
bigcontact
No known fix

References

CVE
CVE-2023-22694
URL
https://patchstack.com/database/vulnerability/bigcontact/wordpress-bigcontact-contact-page-plugin-1-5-8-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
4d5cdd9b-cbdc-4053-ad72-f7fca43f90c5

Timeline

Publicly Published
2023-07-10 (about 2 years ago)
Added
2023-07-10 (about 2 years ago)
Last Updated
2023-07-10 (about 2 years ago)

Other

Published
Title
Published
2024-06-22
Title
Smart Image Gallery < 1.0.19 - Update/Delete Google API Key via CSRF
Published
2025-11-03
Title
Posts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings Update
Published
2025-01-16
Title
go Social <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-05-14
Title
File Provider <= 1.2.3 - Item Deletion via CSRF
Published
2024-06-21
Title
WP Job Manager - Resume Manager < 2.2.0 - Cross-Site Request Forgery