WordPress Plugin Vulnerabilities

VS Contact Form < 14.8 - CAPTCHA Bypass

Description

The VS Contact Form plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 14.7. This makes it possible for unauthenticated attackers to bypass the Captcha Verification.

Affects Plugins

Plugin icon
very-simple-contact-form
Fixed in 14.8

References

CVE
CVE-2024-30540
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4cc5c663-d1e3-4656-ac69-0d610eeaf774

Miscellaneous

Original Researcher
Kyle Sanchez
Verified
No
WPVDB ID
09b6eaf9-e125-4526-ad8e-20928ec3374a

Timeline

Publicly Published
2024-03-29 (about 2 years ago)
Added
2024-04-03 (about 2 years ago)
Last Updated
2024-04-03 (about 2 years ago)

Other

Published
Title
Published
2023-09-06
Title
Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
Published
2017-03-03
Title
Adminer <= 1.4.5 - Security Bypass
Published
2024-12-23
Title
Advanced Google reCAPTCHA < 1.26 - Brute Force Protection IP Unblock
Published
2022-08-29
Title
Site Offline < 1.5.3 - Access Bypass
Published
2024-06-18
Title
Login with phone number < 1.7.35 - Insecure Password Reset Mechanism