11 matches found
simple-basic-react-button (=0.1.0) potentially affected by unknown CVE via prpo-types (=0.0.1-security)
prpo-types NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on prpo-types and may be impacted: simple-basic-react-button =0.1.0. Source CVEs: unknown CVE. Source advisory: OSV:MAL-2025-30788...
CVE-2024-4144
The Simple Basic Contact Form plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depend on the functionality of...
CVE-2022-4226
The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setu...
CVE-2024-12716 Simple Basic Contact Form < 20250114 - Admin+ Stored XSS
The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setu...
WordPress plugin Simple Basic Contact Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2025-21430 · WordPress · Simple Basic Contact Form
Name of the Vulnerable Software and Affected Versions: The Simple Basic Contact Form WordPress plugin versions prior to 20250114. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html...
PT-2024-29426 · WordPress · Simple Basic Contact Form
Name of the Vulnerable Software and Affected Versions: Simple Basic Contact Form plugin for WordPress versions up to and including 20221201. Description: The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts vi...
WordPress Simple Basic Contact Form Plugin <= 20221201 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Basic Contact Form; Type: Plugin; Vulnerable versions: = 20221201; Fixed in: 20240502; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4150; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 56d60208321f; Credits...
CVE-2022-4226 Simple Basic Contact Form < 20221201 - Admin+ Stored XSS
The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setu...
PT-2022-26341 · WordPress · Simple Basic Contact Form
Name of the Vulnerable Software and Affected Versions: Simple Basic Contact Form WordPress plugin versions prior to 20221201. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed,...
WordPress plugin Simple Basic Contact cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions ...