
CVE-2025-5933: CWE-352 Cross-Site Request Forgery (CSRF) in richarddev7 RD Contacto

Medium
Tags: Vulnerability, CVE-2025-5933, cve, cwe-352
Published: Fri Jul 04 2025 (07/04/2025, 01:44:00 UTC)
Source: CVE Database V5
Vendor/Project: richarddev7
Product: RD Contacto

Description

The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

AI-Powered Analysis

AI analysis last updated: 07/04/2025, 02:43:12 UTC

Technical Analysis

CVE-2025-5933 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the RD Contacto plugin for WordPress, developed by richarddev7. This vulnerability exists in all versions up to and including 1.4 of the plugin. The root cause is the absence or incorrect implementation of nonce validation in the rdWappUpdateData() function, which is responsible for updating plugin settings. Nonce validation is a security mechanism used in WordPress to ensure that requests to perform sensitive actions originate from legitimate users and not from malicious third-party sites. Due to this missing validation, an unauthenticated attacker can craft a malicious request that, if executed by an authenticated site administrator (for example, by clicking a specially crafted link), can alter the plugin's configuration without the administrator's explicit consent. This type of attack leverages the trust a site has in the administrator's browser session and does not require the attacker to have direct access or credentials.

The CVSS v3.1 base score for this vulnerability is 4.3, indicating a medium severity level. The vector details (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) show that the attack can be performed remotely over the network with low attack complexity, requires no privileges, but does require user interaction (the administrator must be tricked into clicking a link). The impact is limited to integrity, as confidentiality and availability are not affected.

No known exploits are currently reported in the wild, and no patches have been linked yet, suggesting that mitigation may require manual updates or configuration changes once available. This vulnerability highlights the importance of proper nonce validation in WordPress plugins to prevent unauthorized configuration changes through CSRF attacks.
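As an added illustration (not the RD Contacto plugin's own code), the two handler shapes the analysis contrasts: a settings-update callback with no nonce check beside one guarded by a capability check and check_admin_referer(), plus the form side that issues the nonce. All function, option and field names below are hypothetical.

```php
<?php
// Added illustration, not code from the RD Contacto plugin. Function, option
// and field names (rd_demo_*) are hypothetical placeholders.

// VULNERABLE PATTERN (shown for contrast, not hooked): the handler trusts any
// POST it receives. Nothing ties the request to a form the admin actually
// loaded, so a page elsewhere can submit the same fields from the admin's
// logged-in browser and the settings change goes through.
function rd_demo_update_settings_vulnerable() {
    $number = sanitize_text_field( wp_unslash( $_POST['rd_number'] ?? '' ) );
    update_option( 'rd_demo_options', array( 'number' => $number ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=rd-demo' ) );
    exit;
}

// HARDENED PATTERN: capability check, then nonce check. check_admin_referer()
// validates $_POST['_wpnonce'] against the action name and stops with a 403
// if the token is missing or invalid, which is the check the advisory says is
// absent or incorrect in the affected versions.
function rd_demo_update_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'rd-demo' ), '', array( 'response' => 403 ) );
    }
    // Action name must match the one used when the form was rendered.
    check_admin_referer( 'rd_demo_update_settings' );

    $number = sanitize_text_field( wp_unslash( $_POST['rd_number'] ?? '' ) );
    update_option( 'rd_demo_options', array( 'number' => $number ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=rd-demo' ) );
    exit;
}
add_action( 'admin_post_rd_demo_update_settings', 'rd_demo_update_settings_hardened' );

// Form side: wp_nonce_field() emits the hidden _wpnonce and _wp_http_referer
// inputs that check_admin_referer() later verifies. The token is bound to the
// logged-in user, the action name and a time window, so a forged cross-site
// POST cannot supply a valid one.
function rd_demo_render_settings_form() {
    $opts = get_option( 'rd_demo_options', array( 'number' => '' ) );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="rd_demo_update_settings">
        <?php wp_nonce_field( 'rd_demo_update_settings' ); ?>
        <label>Contact number
            <input type="text" name="rd_number" value="<?php echo esc_attr( $opts['number'] ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin for this class of bug, look for every handler that calls update_option() or similar and confirm it reaches check_admin_referer(), wp_verify_nonce() or check_ajax_referer() before writing.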

Potential Impact

For European organizations using WordPress sites with the RD Contacto plugin, this vulnerability poses a risk primarily to the integrity of their website configurations. An attacker exploiting this flaw can modify plugin settings, potentially disrupting contact forms, altering data collection methods, or redirecting communications. While the vulnerability does not directly compromise confidentiality or availability, unauthorized changes could lead to misinformation, loss of trust from users, or indirect exposure if settings are manipulated to facilitate further attacks. Organizations in sectors such as e-commerce, government, healthcare, and education, which rely heavily on WordPress for public-facing websites, may face reputational damage or operational disruptions if attackers leverage this vulnerability. Since exploitation requires tricking an administrator into clicking a malicious link, the threat is heightened in environments where administrators have less cybersecurity awareness or where phishing attacks are prevalent. The lack of known exploits in the wild currently reduces immediate risk, but the medium severity rating and ease of exploitation mean organizations should proactively address this vulnerability to prevent future incidents.

Mitigation Recommendations

1. Immediate mitigation involves educating WordPress site administrators about the risk of clicking on untrusted links, especially when logged into the WordPress admin panel.
2. Monitor official plugin repositories and vendor communications for patches or updates that address the nonce validation issue and apply them promptly once available.
3. Implement web application firewalls (WAFs) with rules designed to detect and block CSRF attack patterns targeting WordPress admin endpoints.
4. Use security plugins that enforce additional CSRF protections or nonce validations on plugin actions.
5. Restrict administrative access to trusted IP addresses or through VPNs to reduce exposure to remote CSRF attacks.
6. Regularly audit plugin configurations and logs for unauthorized changes to detect potential exploitation early.
7. Encourage the use of multi-factor authentication (MFA) for WordPress administrators to reduce the risk of session hijacking or unauthorized access that could compound the impact of CSRF attacks.


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-06-09T15:17:16.998Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68673b5e6f40f0eb729e5f94

Added to database: 7/4/2025, 2:24:30 AM

Last enriched: 7/4/2025, 2:43:12 AM

Last updated: 7/4/2025, 2:43:12 AM
