{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4144", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-04-24T20:00:16.133Z", "datePublished": "2024-05-14T05:33:00.221Z", "dateUpdated": "2024-08-01T20:33:52.480Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-14T05:33:00.221Z"}, "affected": [{"vendor": "wpkube", "product": "Simple Basic Contact Form", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "20240502", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of other plugins installed in the environment."}], "title": "Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L543"}, {"url": "https://plugins.trac.wordpress.org/changeset/3085036/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "timeline": [{"time": "2024-05-13T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "wpkube", "product": "simple_basic_contact_form", "cpes": ["cpe:2.3:a:wpkube:simple_basic_contact_form:-:*:*:*:*:wordpress:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "20240502", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-14T16:15:29.671711Z", "id": "CVE-2024-4144", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T16:57:20.599Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:52.480Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L543", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3085036/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L543", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3085036/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:52.480Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4144", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-14T16:15:29.671711Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wpkube:simple_basic_contact_form:-:*:*:*:*:wordpress:*:*"], "vendor": "wpkube", "product": "simple_basic_contact_form", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "20240502"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T16:16:33.856Z"}}], "cna": {"title": "Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution", "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}}], "affected": [{"vendor": "wpkube", "product": "Simple Basic Contact Form", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "20240502"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-05-13T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L543"}, {"url": "https://plugins.trac.wordpress.org/changeset/3085036/"}], "descriptions": [{"lang": "en", "value": "The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of other plugins installed in the environment."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-14T05:33:00.221Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4144", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:33:52.480Z", "dateReserved": "2024-04-24T20:00:16.133Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-14T05:33:00.221Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of other plugins installed in the environment."}, {"lang": "es", "value": "El complemento Simple Basic Contact Form para WordPress para WordPress es vulnerable a la ejecuci\u00f3n de c\u00f3digos cortos arbitrarios en todas las versiones hasta la 20240502 incluida. Esto permite a atacantes no autenticados ejecutar c\u00f3digos cortos arbitrarios. La gravedad y la explotabilidad dependen de la funcionalidad de otros complementos instalados en el entorno."}], "id": "CVE-2024-4144", "lastModified": "2024-11-21T09:42:16.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-14T16:17:33.483", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L543"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3085036/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L543"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/changeset/3085036/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis"}

{}

{"created": "2025-07-12T22:44:28.722687+00:00", "updated": "2025-07-12T22:44:28.722739+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpkube", "wpkube$PRODUCT$simple_basic_contact_form"]}