VS Contact Form < 14.0 – Missing Authorization | CVE 2023-41862

Affects Plugins

very-simple-contact-form

Fixed in 14.0

References

CVE

CVE-2023-41862

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/e3f665b8-fbd5-4100-baf6-3fa99332a5dc

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.3 (Medium)

Miscellaneous

Original Researcher

qilin_99

Verified

No

WPVDB ID

ec08efc7-80cf-465b-ae75-0bb938838e98

Timeline

Publicly Published

2023-09-05 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2023-12-04 (about 2 years ago)

Other

Published

Title

Published

2025-09-23

Title

MultiLoca < 4.2.9 - Unauthenticated Arbitrary Options Update via 'wcmlim_settings_ajax_handler'

Published

2025-12-18

Title

DesignThemes LMS Addon <= 2.6 - Missing Authorization

Published

2026-01-07

Title

WPAdverts – Classifieds Plugin < 2.3.1 - Missing Authorization

Published

2024-06-06

Title

Podlove Web Player < 5.7.4 - Missing Authorization to Unauthenticated Information Exposure

Published

2024-02-05

Title

Royal Elementor Kit < 1.0.117 - Missing Authorization to Arbitrary Transient Update