CVE-2022-1801

The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.
Configurations

Configuration 1 (hide)

cpe:2.3:a:very_simple_contact_form_project:very_simple_contact_form:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:41

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06 - Exploit, Third Party Advisory

24 Jul 2023, 13:29

Type Values Removed Values Added
CWE CWE-863 CWE-287

28 Jun 2022, 18:28

Type Values Removed Values Added
CWE CWE-863
CPE cpe:2.3:a:very_simple_contact_form_project:very_simple_contact_form:*:*:*:*:*:wordpress:*:*
References (MISC) https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06 - (MISC) https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5

20 Jun 2022, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-20 11:15

Updated : 2024-11-21 06:41


NVD link : CVE-2022-1801

Mitre link : CVE-2022-1801

CVE.ORG link : CVE-2022-1801


JSON object : View

Products Affected

very_simple_contact_form_project

  • very_simple_contact_form
CWE
CWE-804

Guessable CAPTCHA

CWE-287

Improper Authentication