
CVE-2023-45771 – WordPress Contact Form With Captcha plugin <= 1.6.8 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2023-45771
12 Oct 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS. This issue affects Contact Form With Captcha: from n/a through 1.6.8. The Contact Form With Captcha plugin for W... • https://patchstack.com/database/vulnerability/contact-form-with-captcha/wordpress-contact-form-with-captcha-plugin-1-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2021-42358 – Contact Form With Captcha <= 1.6.2 Cross-Site Request Forgery to Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-42358
29 Nov 2021 — The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 1.6.2. • https://plugins.trac.wordpress.org/browser/contact-form-with-captcha/trunk/cfwc-form.php#L17 • CWE-352: Cross-Site Request Forgery (CSRF) •