CVE-2024-24929: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WP Contact Form WordPress plugin, developed by Ryan Duff and Peter Westwood. The vulnerability affects all versions of WP Contact Form up to and including version 1.6. This security issue was discovered by researcher Nguyen Thi Huyen Trang (Skalucy) and was assigned CVE-2024-24929 on February 1, 2024 (Patchstack Database).

The vulnerability has received varying CVSS severity ratings from different sources. The National Vulnerability Database (NVD) assigned it a High severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while Patchstack rated it as Medium severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The CSRF vulnerability could potentially allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The exact impact may vary depending on the specific implementation and usage context (Patchstack Database).

Currently, there is no official fix available for this vulnerability. The issue affects all versions up to and including 1.6, and no patched version has been released yet (Patchstack Database).