CVE-2025-5933: CWE-352 Cross-Site Request Forgery (CSRF) in richarddev7 RD Contacto
The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
AI Analysis
Technical Summary
CVE-2025-5933 is a Cross-Site Request Forgery (CSRF) vulnerability in the RD Contacto plugin for WordPress by richarddev7, affecting all versions up to and including 1.4. The root cause is missing or incorrect nonce validation in rdWappUpdateData(), the function that writes the plugin's settings. WordPress nonces are not true single-use numbers: they are keyed hashes bound to an action name, the current user, the session token and a time window of 12 to 24 hours, generated with wp_create_nonce() and checked with wp_verify_nonce(), check_admin_referer() or check_ajax_referer(). Their purpose is to prove that a state-changing request was built from a page this site served to this user, something a page on an attacker's origin cannot produce. A handler that skips the check accepts any request that arrives with the victim's session cookies; the advisory's "missing or incorrect" wording also covers the common mistake of verifying a nonce only when one happens to be present, and it does not say which applies here. The attacker therefore needs no account on the target site. What they need is a logged-in administrator who visits a page they control, or follows a link, that submits the crafted request; the browser attaches the administrator's cookies and the settings are overwritten. The CVSS v3.1 base score is 4.3 (Medium), vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N: network-reachable, low complexity, no privileges, user interaction required, and a limited impact on integrity only, with no confidentiality or availability effect. At the time of this entry no exploitation in the wild had been reported and no fixed version had been linked. The CVSS integrity rating describes the settings write itself; what that write is worth to an attacker depends on which settings the plugin exposes, and for a widely deployed contact plugin a settings change is a plausible first step toward phishing or diverting visitor communications.
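The following is an added illustration of the bug class described above, not the RD Contacto plugin's own code: the hook name, function names, option name and form fields are assumptions. It shows a settings handler with the shape the advisory describes, the forged request that reaches it, and the fix WordPress provides (a nonce bound to the action plus a capability check). If a plugin routes saves through admin-post.php instead of admin-ajax.php, check_admin_referer() plays the role check_ajax_referer() plays here.

```php
<?php
/*
 * Added illustration, not code from RD Contacto. Names are assumptions.
 *
 * A forged request needs nothing from the attacker but a page like this one,
 * which submits itself as soon as a logged-in administrator loads it:
 *
 *   <form action="https://victim.example/wp-admin/admin-ajax.php" method="post">
 *     <input type="hidden" name="action" value="example_update_data">
 *     <input type="hidden" name="phone"  value="+1555ATTACKER">
 *   </form>
 *   <script>document.forms[0].submit();</script>
 *
 * The browser attaches the victim's wordpress_logged_in_* cookie to the POST,
 * so the server sees an authenticated request from the administrator.
 */

// --- Before: no nonce and no capability check. Every authenticated request,
// forged or not, reaches update_option(). In a real plugin this would be hooked
// with add_action( 'wp_ajax_example_update_data', ... ); the hook is left off
// here so that the hardened handler below is the only one registered.
function example_update_data_vulnerable() {
    update_option( 'example_plugin_settings', example_settings_from_post() );
    wp_send_json_success();
}

// --- After: the settings page embeds a nonce bound to this action and this
// user, and the handler verifies it and the caller's capability before writing.
function example_settings_page() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>">
        <input type="hidden" name="action" value="example_update_data">
        <?php wp_nonce_field( 'example_update_data', '_ajax_nonce' ); ?>
        <label>Phone <input type="text" name="phone"></label>
        <label>Message <input type="text" name="message"></label>
        <button type="submit">Save</button>
    </form>
    <?php
}

add_action( 'wp_ajax_example_update_data', 'example_update_data_hardened' );
function example_update_data_hardened() {
    // Verifies $_POST['_ajax_nonce'] against the action for the current user
    // and session; on failure WordPress answers 403 and stops. The nonce is a
    // keyed hash a page on the attacker's origin cannot obtain, and it expires
    // after 12 to 24 hours.
    check_ajax_referer( 'example_update_data', '_ajax_nonce' );

    // The nonce proves the request was built from a page this site served to
    // this user. It does not prove authorisation, so the capability check is
    // still required; without it any subscriber-level account could save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    update_option( 'example_plugin_settings', example_settings_from_post() );
    wp_send_json_success();
}

// Shared field handling. Sanitisation is not a CSRF control, but the settings
// write should still accept only the fields it expects.
function example_settings_from_post() {
    return array(
        'phone'   => sanitize_text_field( wp_unslash( $_POST['phone'] ?? '' ) ),
        'message' => sanitize_text_field( wp_unslash( $_POST['message'] ?? '' ) ),
    );
}
```

The wp_ajax_ hook only fires for logged-in users, which is exactly the population a CSRF attack borrows; the nonce is what distinguishes a save the administrator initiated from one the attacker's page initiated with the administrator's cookies.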
Potential Impact
For European organizations running WordPress with the RD Contacto plugin, the exposure is to the integrity of the plugin's configuration: a successful forgery rewrites settings with attacker-chosen values and, where any audit logging exists, attributes the change to the administrator's own session. What that buys the attacker depends on which settings the plugin stores; for a contact plugin the realistic targets are where visitor messages are delivered and what the visitor-facing widget shows or links to, which would let an attacker divert or intercept customer communications or lend a phishing lure the site's own branding. The flaw does not itself disclose data or take the site down, but diverted communications can still cause an indirect data exposure and reputational harm, a concern for e-commerce, public-sector and healthcare sites that use the contact channel for customer interaction. Exploitation depends on a logged-in administrator loading attacker-controlled content, so the risk is higher where administrators browse with their WordPress session open and have not been trained on this class of attack. Until a fixed release is linked, the window of exposure stays open, so the impact is moderate but warrants prompt mitigation for organizations with a high-value or sensitive web presence.
Mitigation Recommendations
To mitigate this vulnerability, first establish whether RD Contacto is installed and which version is active, from the WordPress Plugins screen or with WP-CLI's `wp plugin list`. Until a fixed version is released, apply compensating controls:
1) Do not rely on IP allow-listing of /wp-admin/ against this flaw: the forged request is issued by the administrator's own browser from an allowed address. Allow-listing still limits who can log in, but it does not stop CSRF.
2) A Web Application Firewall cannot see the PHP function name, only the request that reaches it. Write rules on the plugin's endpoint (its admin-ajax.php or admin-post.php action, or its own URL) that reject requests whose Origin or Referer header is absent or names another host, and confirm that a legitimate save from the settings page still passes before enforcing.
3) Educate administrators about CSRF: avoid untrusted links and sites while logged in to WordPress, use a separate browser profile for wp-admin, and log out when done.
4) Temporarily deactivate the RD Contacto plugin or replace it with a contact plugin that is not affected.
5) Monitor for exploitation: log POST requests to admin-ajax.php and admin-post.php that carry a logged-in session but a foreign or missing Origin/Referer, and compare the plugin's stored options in wp_options against a known-good export to catch unexpected changes.
Once a fixed version is published, update the plugin immediately. Site-wide, setting SameSite=Lax or Strict on the WordPress authentication cookies, which WordPress core does not set by default, stops the browser from attaching them to cross-site POSTs and is the most effective general CSRF control short of fixing the handler; Lax still sends cookies on top-level GET navigations, so it does not protect a handler that accepts state changes over GET. A Content Security Policy does not mitigate CSRF: the attacker's page, not the victim site, originates the request, and CSP only governs what the victim site's own pages may load.
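As an added example of the site-level control behind items 2 and 5 (not code from RD Contacto or from this advisory), the must-use plugin below enforces the same-site check inside WordPress instead of in WAF rules, so it needs no plugin-specific URLs. It assumes the site's canonical host is the one home_url() reports, and the EXAMPLE_CSRF_GUARD_LOG_ONLY constant is an assumed switch for running it in detection-only mode first.

```php
<?php
/**
 * Plugin Name: Example CSRF origin guard
 *
 * Added example of a compensating control, not code from RD Contacto. Save it
 * under wp-content/mu-plugins/ so it loads before ordinary plugins. For requests
 * that carry a logged-in session to the two endpoints WordPress plugins use for
 * state changes, admin-ajax.php and admin-post.php, it requires the browser-set
 * Origin header (or, when Origin is absent, Referer) to name this site. A form
 * auto-submitted from an attacker's page carries the attacker's origin and is
 * refused; a save from the real settings page carries ours and passes.
 * Unauthenticated traffic is untouched, so public nopriv AJAX actions keep working.
 */

// Assumed switch: define as true in wp-config.php to log instead of block while
// confirming that legitimate admin traffic passes.
if ( ! defined( 'EXAMPLE_CSRF_GUARD_LOG_ONLY' ) ) {
    define( 'EXAMPLE_CSRF_GUARD_LOG_ONLY', false );
}

// init runs after the current user is known and before admin_init, admin_post_*
// and wp_ajax_* handlers, so a rejection here stops the plugin handler running.
add_action( 'init', 'example_csrf_origin_guard', 0 );

function example_csrf_origin_guard() {
    if ( ! is_user_logged_in() ) {
        return;
    }
    $script = basename( $_SERVER['SCRIPT_NAME'] ?? '' );
    if ( ! wp_doing_ajax() && ! in_array( $script, array( 'admin-ajax.php', 'admin-post.php' ), true ) ) {
        return;
    }
    // All methods are checked: a handler that changes state on GET is reachable
    // from a plain link, which SameSite=Lax cookies would not stop either.
    if ( example_request_is_same_site() ) {
        return;
    }
    $detail = sprintf(
        'cross-site request to %s action=%s origin=%s referer=%s user=%d',
        $script,
        sanitize_key( $_REQUEST['action'] ?? '' ),
        $_SERVER['HTTP_ORIGIN'] ?? '-',
        $_SERVER['HTTP_REFERER'] ?? '-',
        get_current_user_id()
    );
    error_log( 'csrf-guard: ' . $detail );
    if ( EXAMPLE_CSRF_GUARD_LOG_ONLY ) {
        return;
    }
    status_header( 403 );
    exit( 'Cross-site request rejected' );
}

function example_request_is_same_site() {
    $site_host = wp_parse_url( home_url(), PHP_URL_HOST );
    // Browsers send Origin on cross-site form posts; fall back to Referer for
    // same-site GETs and older user agents. Absent headers and the literal
    // "null" origin both fail closed.
    $source = $_SERVER['HTTP_ORIGIN'] ?? ( $_SERVER['HTTP_REFERER'] ?? '' );
    $host   = is_string( $source ) ? wp_parse_url( $source, PHP_URL_HOST ) : null;
    return is_string( $host ) && is_string( $site_host ) && strcasecmp( $host, $site_host ) === 0;
}
```

Run it with EXAMPLE_CSRF_GUARD_LOG_ONLY set to true for a day and review the csrf-guard lines in the PHP error log before enforcing: sites served under more than one hostname, multisite networks with mapped domains, or a Referrer-Policy of no-referrer on admin pages will produce legitimate mismatches that need to be resolved first. Unlike a nonce check in the handler, this guard is a perimeter control and should be removed once the plugin itself is fixed.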
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-06-09T15:17:16.998Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68673b5e6f40f0eb729e5f94
Added to database: 7/4/2025, 2:24:30 AM
Last enriched: 7/14/2025, 9:18:41 PM
Last updated: 7/30/2025, 2:04:40 AM
Related Threats
- CVE-2025-8353: CWE-446: UI Discrepancy for Security Feature in Devolutions Server (severity: Unknown)
- CVE-2025-8312: CWE-833: Deadlock in Devolutions Server (severity: Unknown)
- CVE-2025-54656: CWE-117 Improper Output Neutralization for Logs in Apache Software Foundation Apache Struts Extras (severity: Medium)
- CVE-2025-50578: n/a (severity: Critical)
- CVE-2025-8292: Use after free in Google Chrome (severity: High)