2 matches found
CVE-2022-4226
CVE-2022-4226 affects the WordPress plugin Simple Basic Contact Form prior to version 20221201. The vulnerability arises because the plugin does not sanitize or escape certain settings, enabling Stored XSS where high-privilege users (e.g., admins) could execute scripts, even if unfiltered_html is...
CVE-2024-12716
The CVE-2024-12716 entry concerns the WordPress plugin Simple Basic Contact Form prior to 20250114. Affected: the plugin’s settings are not properly sanitized/escaped, enabling Stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins). Impact is possible even when unfiltered_html i...