All the vulnerabilites related to Unknown - Simple Basic Contact Form
cve-2022-4226
Vulnerability from cvelistv5
Published
2022-12-26 12:28
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
▼ | URL | Tags |
---|---|---|
https://wpscan.com/vulnerability/c5ca22e0-b7a5-468d-8366-1855ff33851b | exploit, vdb-entry, technical-description |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unknown | Simple Basic Contact Form |
Version: 0 < 20221201 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:49.844Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description", "x_transferred" ], "url": "https://wpscan.com/vulnerability/c5ca22e0-b7a5-468d-8366-1855ff33851b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "product": "Simple Basic Contact Form", "vendor": "Unknown", "versions": [ { "lessThan": "20221201", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "zhangyunpei and Yeting Li VARAS@IIE" }, { "lang": "en", "type": "coordinator", "value": "WPScan" } ], "descriptions": [ { "lang": "en", "value": "The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-10T09:11:00.312Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description" ], "url": "https://wpscan.com/vulnerability/c5ca22e0-b7a5-468d-8366-1855ff33851b" } ], "source": { "discovery": "EXTERNAL" }, "title": "Simple Basic Contact Form \u003c 20221201 - Admin+ Stored XSS", "x_generator": { "engine": "WPScan CVE Generator" } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-4226", "datePublished": "2022-12-26T12:28:12.904Z", "dateReserved": "2022-11-30T07:20:34.604Z", "dateUpdated": "2024-08-03T01:34:49.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }