CVE-2025-9944
BaseFortify
Publication date: 2025-09-27
Last updated on: 2025-09-29
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | professional_contact_form | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9944 is a Cross-Site Request Forgery (CSRF) vulnerability in the Professional Contact Form WordPress plugin (up to and including version 1.0.0). It occurs because the plugin's function that handles contact form submissions (watch_for_contact_form_submit) lacks proper nonce validation. This allows an unauthenticated attacker to trick a logged-in site administrator into performing actions such as sending test emails, for example by getting the administrator to click a crafted link. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to cause a site administrator to unknowingly send test emails via the contact form plugin. While it does not directly compromise confidentiality or availability, it can be used to send unauthorized emails, potentially leading to spam, phishing, or reputation damage. The attacker cannot directly read or alter data but can abuse the email sending functionality. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP POST or GET requests to the WordPress site that include an 'action' parameter starting with 'pcf_', which is what reaches the vulnerable function. Specifically, look for requests that attempt to send test emails or trigger the contact form submission without a valid nonce. Such activity can be found with web server access logs or network monitoring tools that filter requests. For example, using grep on Apache or Nginx logs: `grep 'action=pcf_' /var/log/apache2/access.log` or `grep 'action=pcf_' /var/log/nginx/access.log`. Note that standard access logs record only the request line, so an 'action' parameter sent in a POST body is not visible to grep; catching those requires application-level logging or a WAF. A request whose Referer is absent or points to a foreign origin is the strongest CSRF indicator, since the forged request is launched from the attacker's page rather than from the site's own admin screens. Additionally, monitoring for unusual email sending activity from the WordPress server may help detect exploitation attempts. [1]
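The detection idea above carried one step further, as an added example that is not code from the page or from the plugin: parse combined-format access log lines, pick out requests whose action parameter begins with pcf_, and flag those whose Referer is missing or belongs to another host. The log lines, the site host example.org and the action value pcf_example are constructed placeholders, since the page does not name the real action value.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/Nginx "combined" log format; not real traffic.
# The action value "pcf_example" is a placeholder: the page only states that the
# vulnerable handler is reached via an 'action' parameter beginning with "pcf_".
SAMPLE_LOG = """\
203.0.113.5 - - [27/Sep/2025:10:15:01 +0000] "GET /wp-admin/admin.php?page=pcf&action=pcf_example HTTP/1.1" 200 512 "https://example.org/wp-admin/admin.php?page=pcf" "Mozilla/5.0"
198.51.100.7 - - [27/Sep/2025:10:16:44 +0000] "GET /wp-admin/admin.php?action=pcf_example HTTP/1.1" 200 512 "https://lure.invalid/page.html" "Mozilla/5.0"
198.51.100.8 - - [27/Sep/2025:10:17:02 +0000] "GET /?action=pcf_example&to=x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.9 - - [27/Sep/2025:10:18:30 +0000] "GET /contact/?action=pcf HTTP/1.1" 200 2048 "https://example.org/" "Mozilla/5.0"
"""

# One combined-format line: client, ident, user, [timestamp], "request", status, size, "referer", "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def find_pcf_requests(log_text, site_host):
    """Return requests whose 'action' query parameter starts with 'pcf_'.

    Each hit records whether the Referer is missing or from another host:
    a CSRF request launched from a lure page arrives with a foreign Referer
    (or none), while a legitimate admin click arrives from site_host.
    Only URL parameters are visible here; POST bodies are not in access logs.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-combined-format lines
        query = parse_qs(urlsplit(m["target"]).query)
        action = query.get("action", [""])[0]
        if not action.startswith("pcf_"):
            continue
        referer = m["referer"]
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        hits.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "action": action, "referer": referer,
            "cross_origin": ref_host != site_host,
        })
    return hits

if __name__ == "__main__":
    for hit in find_pcf_requests(SAMPLE_LOG, "example.org"):
        flag = "SUSPECT" if hit["cross_origin"] else "ok"
        print(f'{flag:7} {hit["ip"]:15} {hit["action"]} referer={hit["referer"]}')
```

A missing Referer is not proof on its own (browsers and privacy extensions strip it), so treat the flag as a triage signal to correlate with the plugin's own email activity.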
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Professional Contact Form plugin to a version that fixes the nonce validation issue, if one is available. If an update is not yet available, temporarily disabling the plugin or restricting access to the contact form submission endpoints reduces the risk. Additionally, web application firewall (WAF) rules that block requests carrying suspicious 'action' parameters beginning with 'pcf_', and ensuring that only authenticated and authorized users can trigger email sending actions, help limit exploitation. Enabling reCAPTCHA and verifying that it is enforced on all submission types may also reduce automated abuse. [1]