CVE-2025-5933: CWE-352 Cross-Site Request Forgery (CSRF) in richarddev7 RD Contacto
The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
AI Analysis
Technical Summary
CVE-2025-5933 is a Cross-Site Request Forgery (CSRF) vulnerability in the RD Contacto plugin for WordPress, developed by richarddev7. It affects all versions up to and including 1.4. The root cause is missing or incorrectly implemented nonce validation in the rdWappUpdateData() function, which updates the plugin's settings. WordPress nonces are the mechanism that ties a request for a sensitive action to the user's session and to that specific action, so that a request originating from a third-party site cannot pass as a legitimate one.

Because that validation is absent, an unauthenticated attacker can craft a request that, when executed by an authenticated site administrator (for example by clicking a specially crafted link), changes the plugin's configuration without the administrator's explicit consent. The attack relies on the browser automatically attaching the administrator's session cookies to the forged request; the attacker needs no credentials or direct access to the site.

The CVSS v3.1 base score is 4.3 (medium severity). The vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) indicates that the attack is performed remotely over the network with low complexity and no privileges, but requires user interaction (the administrator must be tricked into clicking a link). Only integrity is affected; confidentiality and availability are not. No exploits are currently reported in the wild, and no patch has been linked yet, so mitigation may depend on manual updates or configuration changes until one becomes available. The case illustrates why every state-changing action in a WordPress plugin needs proper nonce validation to prevent unauthorized configuration changes through CSRF.
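As an added illustration (not RD Contacto's code, which this page does not reproduce), a hypothetical WordPress settings handler in the vulnerable shape the advisory describes, beside the same handler with nonce and capability checks; all function, option and field names are assumptions:

```php
<?php
// Added example, not the plugin's own code. Names are hypothetical.

// VULNERABLE SHAPE: the handler trusts any POST that reaches the endpoint.
// A logged-in administrator's browser attaches the session cookie to a
// cross-site form post, so a forged request rewrites the option.
function example_update_settings_vulnerable() {
    $number = sanitize_text_field( wp_unslash( $_POST['example_number'] ?? '' ) );
    update_option( 'example_contact_number', $number );
    wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}

// HARDENED: the form carries a nonce bound to this action and to the current
// user's session; a third-party page cannot obtain it, so a forged request is
// rejected before any option is written. The capability check is separate:
// the nonce proves intent, current_user_can() proves authorization.
function example_update_settings_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Verifies the 'example_nonce' field against the action and dies if it is
    // missing, expired or forged.
    check_admin_referer( 'example_update_settings', 'example_nonce' );

    $number = sanitize_text_field( wp_unslash( $_POST['example_number'] ?? '' ) );
    update_option( 'example_contact_number', $number );
    wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}
add_action( 'admin_post_example_update_settings', 'example_update_settings_fixed' );

// The settings form must emit the matching nonce field, otherwise the
// legitimate submission fails the same check.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_update_settings">
        <?php wp_nonce_field( 'example_update_settings', 'example_nonce' ); ?>
        <input type="text" name="example_number"
               value="<?php echo esc_attr( get_option( 'example_contact_number', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

A rejected nonce on such an endpoint is also a useful audit signal: a burst of failures on a settings handler is what the configuration-change monitoring in the mitigation list below would surface.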
Potential Impact
For European organizations using WordPress sites with the RD Contacto plugin, this vulnerability poses a risk primarily to the integrity of their website configurations. An attacker exploiting this flaw can modify plugin settings, potentially disrupting contact forms, altering data collection methods, or redirecting communications. While the vulnerability does not directly compromise confidentiality or availability, unauthorized changes could lead to misinformation, loss of trust from users, or indirect exposure if settings are manipulated to facilitate further attacks. Organizations in sectors such as e-commerce, government, healthcare, and education, which rely heavily on WordPress for public-facing websites, may face reputational damage or operational disruptions if attackers leverage this vulnerability. Since exploitation requires tricking an administrator into clicking a malicious link, the threat is heightened in environments where administrators have less cybersecurity awareness or where phishing attacks are prevalent. The lack of known exploits in the wild currently reduces immediate risk, but the medium severity rating and ease of exploitation mean organizations should proactively address this vulnerability to prevent future incidents.
Mitigation Recommendations
1. Immediate mitigation involves educating WordPress site administrators about the risk of clicking on untrusted links, especially when logged into the WordPress admin panel.
2. Monitor official plugin repositories and vendor communications for patches or updates that address the nonce validation issue and apply them promptly once available.
3. Implement web application firewalls (WAFs) with rules designed to detect and block CSRF attack patterns targeting WordPress admin endpoints.
4. Use security plugins that enforce additional CSRF protections or nonce validations on plugin actions.
5. Restrict administrative access to trusted IP addresses or through VPNs to reduce exposure to remote CSRF attacks.
6. Regularly audit plugin configurations and logs for unauthorized changes to detect potential exploitation early.
7. Encourage the use of multi-factor authentication (MFA) for WordPress administrators to reduce the risk of session hijacking or unauthorized access that could compound the impact of CSRF attacks.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-06-09T15:17:16.998Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68673b5e6f40f0eb729e5f94
Added to database: 7/4/2025, 2:24:30 AM
Last enriched: 7/4/2025, 2:43:12 AM
Last updated: 7/4/2025, 2:43:12 AM