
    1 vulnerability by very_simple_contact_form_project

    CVE-2022-1801 (GCVE-0-2022-1801)

    Vulnerability from cvelistv5 – Published: 2022-06-20 10:25 – Updated: 2024-08-03 00:16
    Title
    Very Simple Contact Form < 11.6 - Captcha bypass
    Summary
    The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.
    Severity
    No CVSS data available.
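    CWE
    CWE-804 Guessable CAPTCHA
    Assigner
    WPScan
    References
    https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06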
    Impacted products
    Vendor Product Version
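    Unknown Very Simple Contact Form Affected: versions before 11.6 (custom version type; the record gives 11.6 as both the "version" and the "lessThan" bound, and the title and summary state that the affected range is everything before 11.6)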
    Credits
    Sebastian Cruz Cardona

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:16:59.881Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Very Simple Contact Form",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "11.6",
                  "status": "affected",
                  "version": "11.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Sebastian Cruz Cardona"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-804",
                  "description": "CWE-804 Guessable CAPTCHA",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-20T10:25:58.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Very Simple Contact Form \u003c 11.6 - Captcha bypass",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1801",
              "STATE": "PUBLIC",
              "TITLE": "Very Simple Contact Form \u003c 11.6 - Captcha bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Very Simple Contact Form",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.6",
                                "version_value": "11.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Sebastian Cruz Cardona"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-804 Guessable CAPTCHA"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1801",
        "datePublished": "2022-06-20T10:25:59.000Z",
        "dateReserved": "2022-05-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:16:59.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }