CVE-2022-1801 Vulnerability Details

  /     /     /  

CVE-2022-1801 Metadata Quick Info

CVE Published: 20/06/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: WPScan | Vendor: Unknown | Product: Very Simple Contact Form
Status : PUBLISHED

CVE-2022-1801 Description

The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-804
CWE Name: CWE-804 Guessable CAPTCHA
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).