Search criteria
1 vulnerability by very_simple_contact_form_project
CVE-2022-1801 (GCVE-0-2022-1801)
Vulnerability from cvelistv5 ā Published: 2022-06-20 10:25 ā Updated: 2024-08-03 00:16
VLAI?
Summary
The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.
Severity ?
No CVSS data available.
CWE
- CWE-804 - Guessable CAPTCHA
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Very Simple Contact Form |
Affected:
11.6 , < 11.6
(custom)
|
Credits
Sebastian Cruz Cardona
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Very Simple Contact Form",
"vendor": "Unknown",
"versions": [
{
"lessThan": "11.6",
"status": "affected",
"version": "11.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sebastian Cruz Cardona"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-804",
"description": "CWE-804 Guessable CAPTCHA",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T10:25:58",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Very Simple Contact Form \u003c 11.6 - Captcha bypass",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1801",
"STATE": "PUBLIC",
"TITLE": "Very Simple Contact Form \u003c 11.6 - Captcha bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Very Simple Contact Form",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "11.6",
"version_value": "11.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sebastian Cruz Cardona"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-804 Guessable CAPTCHA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1801",
"datePublished": "2022-06-20T10:25:59",
"dateReserved": "2022-05-19T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}