Reflected Cross-Site Scripting Vulnerability in Simple Basic Contact Form for WordPress
CVE-2024-4150
6.1MEDIUM
What is CVE-2024-4150?
The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the āscf_emailā parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected Version(s)
Simple Basic Contact Form * <= 20221201