CVE-2023-35051: WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability

5.4 CVSS

Description

Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7.

Classification

CVE ID: CVE-2023-35051

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

Affected Products

Vendor: Cimatti Consulting

Product: Contact Forms by Cimatti

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://patchstack.com/database/wordpress/plugin/contact-forms/vulnerability/wordpress-contact-forms-by-cimatti-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve

Timeline

2024-12-14 00:30:16 UTC
CVE

WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability