Description
The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 11.6 (excluding)
cpe:2.3:a:very_simple_contact_form_project:very_simple_contact_form:*:*:*:*:*:wordpress:*:*
EPSS: 0.00245 (Low)
Percentile: 48%
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-804
CWE-287
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.