All the vulnerabilities related to wpkube - Simple Basic Contact Form
cve-2024-4150
Vulnerability from cvelistv5
Published
2024-05-09 20:03
Modified
2024-08-01 20:33
Severity ?
EPSS score ?
Summary
Simple Basic Contact Form <= 20221201 - Reflected Cross-Site Scripting
References
Impacted products
▼ | Vendor | Product |
---|---|---|
wpkube | Simple Basic Contact Form |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-4150", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-10T19:28:01.996005Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-10T19:28:54.069Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:33:52.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4?source=cve" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L122" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/changeset/3080540" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Simple Basic Contact Form", "vendor": "wpkube", "versions": [ { "lessThanOrEqual": "20221201", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c" } ], "descriptions": [ { "lang": "en", "value": "The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018scf_email\u2019 parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-09T20:03:20.930Z", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence" }, "references": [ { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4?source=cve" }, { "url": "https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L122" }, { "url": "https://plugins.trac.wordpress.org/changeset/3080540" } ], "timeline": [ { "lang": "en", "time": "2024-05-03T00:00:00.000+00:00", "value": "Disclosed" } ], "title": "Simple Basic Contact Form \u003c= 20221201 - Reflected Cross-Site Scripting" } }, "cveMetadata": { "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2024-4150", "datePublished": "2024-05-09T20:03:20.930Z", "dateReserved": "2024-04-24T21:37:18.322Z", "dateUpdated": "2024-08-01T20:33:52.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4144
Vulnerability from cvelistv5
Published
2024-05-14 05:33
Modified
2024-08-01 20:33
Severity ?
EPSS score ?
Summary
Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution
References
Impacted products
▼ | Vendor | Product |
---|---|---|
wpkube | Simple Basic Contact Form |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:wpkube:simple_basic_contact_form:-:*:*:*:*:wordpress:*:*" ], "defaultStatus": "unknown", "product": "simple_basic_contact_form", "vendor": "wpkube", "versions": [ { "lessThanOrEqual": "20240502", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-4144", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T16:15:29.671711Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T16:57:20.599Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:33:52.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L543" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/changeset/3085036/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Simple Basic Contact Form", "vendor": "wpkube", "versions": [ { "lessThanOrEqual": "20240502", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Matthew Rollings" } ], "descriptions": [ { "lang": "en", "value": "The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. 
The severity and exploitability depends on the functionality of other plugins installed in the environment." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T05:33:00.221Z", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence" }, "references": [ { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve" }, { "url": "https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L543" }, { "url": "https://plugins.trac.wordpress.org/changeset/3085036/" } ], "timeline": [ { "lang": "en", "time": "2024-05-13T00:00:00.000+00:00", "value": "Disclosed" } ], "title": "Simple Basic Contact Form \u003c= 20240502 - Unauthenticated Arbitrary Shortcode Execution" } }, "cveMetadata": { "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2024-4144", "datePublished": "2024-05-14T05:33:00.221Z", "dateReserved": "2024-04-24T20:00:16.133Z", "dateUpdated": "2024-08-01T20:33:52.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }