CVE-2023-29438

2023-06-2613:15:09

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-29438

authentication

stored cross-site scripting

xss

eric martin simplemodal contact form

smcf

vulnerability

nvd

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

21.2%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions.

Affected configurations

Nvd

Vulners

Node

simplemodal_contact_form_projectsimplemodal_contact_formRange≤1.2.9wordpress

VendorProductVersionCPE
simplemodal_contact_form_projectsimplemodal_contact_form*cpe:2.3:a:simplemodal_contact_form_project:simplemodal_contact_form:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
simplemodal_contact_form_project	simplemodal_contact_form	*	cpe:2.3:a:simplemodal_contact_form_project:simplemodal_contact_form::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "simplemodal-contact-form-smcf",
    "product": "SimpleModal Contact Form (SMCF)",
    "vendor": "Eric Martin",
    "versions": [
      {
        "lessThanOrEqual": "1.2.9",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/simplemodal-contact-form-smcf/wordpress-simplemodal-contact-form-smcf-plugin-1-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve