cleantalk
Vulnerabilities and Security Researches

Simple Basic Contact Form, CVE-2024-4150

CVE, Research URL

CVE-2024-4150

Home page URL

Security reports for Simple Basic Contact Form

Application

Simple Basic Contact Form

Published on
May 14, 2024
Research Description
The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘scf_email’ parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 20240502.
Status
vulnerable
Previous vulnerability researches
Simple Basic Contact Form (CVE-2022-4226) , Jun 07, 2024
Simple Basic Contact Form (CVE-2024-4150) , Jun 07, 2024
Simple Basic Contact Form (CVE-2024-4144) , Jun 07, 2024
Simple Basic Contact Form (CVE-2024-12716) , May 17, 2025
New vulnerability
Podlove Podcast Publisher (CVE-2024-13730) , May 17, 2025
Podlove Podcast Publisher (CVE-2024-13729) , May 17, 2025
VikBooking Hotel Booking Engine & PMS (CVE-2024-13616) , May 17, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-32922) , May 17, 2025
Posts per Cat [Unmaintained] (CVE-2025-4169) , May 17, 2025