Unrated severityNVD Advisory· Published Feb 1, 2025· Updated Apr 8, 2026
WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download
CVE-2024-12184
Description
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to download other user submitted forms.
Affected products
3- Range: <=1.9.4
- Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.