cleantalk
Vulnerabilities and Security Researches

Simple Basic Contact Form, CVE-2022-4226

CVE, Research URL

CVE-2022-4226

Home page URL

Security reports for Simple Basic Contact Form

Application

Simple Basic Contact Form

Published on
Dec 26, 2022
Research Description
The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 20221201.
Status
vulnerable
Previous vulnerability researches
Simple Basic Contact Form (CVE-2022-4226) , Jun 07, 2024
Simple Basic Contact Form (CVE-2024-4150) , Jun 07, 2024
Simple Basic Contact Form (CVE-2024-4144) , Jun 07, 2024
Simple Basic Contact Form (CVE-2024-12716) , May 17, 2025
New vulnerability
Podlove Podcast Publisher (CVE-2024-13730) , May 17, 2025
Podlove Podcast Publisher (CVE-2024-13729) , May 17, 2025
VikBooking Hotel Booking Engine & PMS (CVE-2024-13616) , May 17, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-32922) , May 17, 2025
Posts per Cat [Unmaintained] (CVE-2025-4169) , May 17, 2025