2 matches found
CVE-2024-4150 Simple Basic Contact Form <= 20221201 - Reflected Cross-Site Scripting
The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘scfemail’ parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress Simple Basic Contact Form Plugin <= 20221201 is vulnerable to Cross Site Scripting (XSS)
Software Simple Basic Contact Form Type Plugin Vulnerable versions = 20221201 Fixed in 20240502 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4150 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56d60208321f Credits...