CVE-2022-1801
HIGH
Very Simple Contact Form < 11.6 - Captcha Bypass via Exposed Solution in Rendered Form
Title source: llm
Description
The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06
Scores
CVSS v3
7.5
EPSS
0.0116
EPSS Percentile
63.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
CWE-804
Status
published
Products (1)
very_simple_contact_form_project/very_simple_contact_form
< 11.6
Published
Jun 20, 2022
Tracked Since
Feb 18, 2026