WordPress Plugin Vulnerabilities

Contact Us page - Contact people LITE < 3.7.1 - Contact Update/Deletion/Creation via CSRF

Description

The plugin does not have CSRF checks when creating, updating and deleting contacts, which could allow attackers to make logged in users perform such actions via CSRF attacks

Affects Plugins

Plugin icon
contact-us-page-contact-people
Fixed in 3.7.1

References

CVE
CVE-2023-23973

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
bc91072b-bed3-43e3-960c-a76e0ad184e0

Timeline

Publicly Published
2023-01-20 (about 3 years ago)
Added
2023-03-01 (about 3 years ago)
Last Updated
2023-03-01 (about 3 years ago)

Other

Published
Title
Published
2021-12-09
Title
tarteaucitron.js - Cookies legislation & GDPR < 1.6 - CSRF to Stored Cross-Site Scripting
Published
2025-02-17
Title
magayo Lottery Results <= 2.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-10-09
Title
EventPrime < 3.2.0 - Booking Creation via CSRF
Published
2011-03-17
Title
WP Related Posts <= 1.0 - Multiple CSRF
Published
2023-03-29
Title
GMAce <= 1.5.2 - Arbitrary File Creation/Deletion/Update via CSRF