CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2301

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. While the Cross-Site Scripting issue was patched in version 4.10.1, the plugin is still technically vulnerable to Cross-Site Request Forgery since a capability check but no nonce check was added in 4.10.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.1%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2023-2301

Vcita » Contact Form Builder By Vcita » Version: 1.1.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.1.0
Vcita » Contact Form Builder By Vcita » Version: 1.2.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.2.0
Vcita » Contact Form Builder By Vcita » Version: 1.2.2

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.2.2
Vcita » Contact Form Builder By Vcita » Version: 1.3.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.3.0
Vcita » Contact Form Builder By Vcita » Version: 1.4.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.4.0
Vcita » Contact Form Builder By Vcita » Version: 1.4.1

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.4.1
Vcita » Contact Form Builder By Vcita » Version: 1.4.2

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.4.2
Vcita » Contact Form Builder By Vcita » Version: 1.4.3

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.4.3
Vcita » Contact Form Builder By Vcita » Version: 1.4.4

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.4.4
Vcita » Contact Form Builder By Vcita » Version: 1.4.5

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.4.5
Vcita » Contact Form Builder By Vcita » Version: 1.4.6

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.4.6
Vcita » Contact Form Builder By Vcita » Version: 1.4.6.1

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.4.6.1
Vcita » Contact Form Builder By Vcita » Version: 1.4.6.2

cpe:2.3:a:vcita:contact_form_builder_by_vcita:1.4.6.2
Vcita » Contact Form Builder By Vcita » Version: 2.0.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:2.0.0
Vcita » Contact Form Builder By Vcita » Version: 2.1.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:2.1.0
Vcita » Contact Form Builder By Vcita » Version: 2.1.1

cpe:2.3:a:vcita:contact_form_builder_by_vcita:2.1.1
Vcita » Contact Form Builder By Vcita » Version: 2.1.2

cpe:2.3:a:vcita:contact_form_builder_by_vcita:2.1.2
Vcita » Contact Form Builder By Vcita » Version: 2.1.3

cpe:2.3:a:vcita:contact_form_builder_by_vcita:2.1.3
Vcita » Contact Form Builder By Vcita » Version: 3.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.0
Vcita » Contact Form Builder By Vcita » Version: 3.1

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.1
Vcita » Contact Form Builder By Vcita » Version: 3.10.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.10.0
Vcita » Contact Form Builder By Vcita » Version: 3.2

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.2
Vcita » Contact Form Builder By Vcita » Version: 3.2.1

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.2.1
Vcita » Contact Form Builder By Vcita » Version: 3.3.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.3.0
Vcita » Contact Form Builder By Vcita » Version: 3.3.2

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.3.2
Vcita » Contact Form Builder By Vcita » Version: 3.4.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.4.0
Vcita » Contact Form Builder By Vcita » Version: 3.5.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.5.0
Vcita » Contact Form Builder By Vcita » Version: 3.6.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.6.0
Vcita » Contact Form Builder By Vcita » Version: 3.7.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.7.0
Vcita » Contact Form Builder By Vcita » Version: 3.8.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.8.0
Vcita » Contact Form Builder By Vcita » Version: 3.9.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.9.0
Vcita » Contact Form Builder By Vcita » Version: 3.9.5

cpe:2.3:a:vcita:contact_form_builder_by_vcita:3.9.5
Vcita » Contact Form Builder By Vcita » Version: 4.0.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.0.0
Vcita » Contact Form Builder By Vcita » Version: 4.1.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.1.0
Vcita » Contact Form Builder By Vcita » Version: 4.2.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.2.0
Vcita » Contact Form Builder By Vcita » Version: 4.3.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.3.0
Vcita » Contact Form Builder By Vcita » Version: 4.4.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.4.0
Vcita » Contact Form Builder By Vcita » Version: 4.5.0

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.5.0
Vcita » Contact Form Builder By Vcita » Version: 4.5.2

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.5.2
Vcita » Contact Form Builder By Vcita » Version: 4.5.3

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.5.3
Vcita » Contact Form Builder By Vcita » Version: 4.5.4

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.5.4
Vcita » Contact Form Builder By Vcita » Version: 4.6

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.6
Vcita » Contact Form Builder By Vcita » Version: 4.7

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.7
Vcita » Contact Form Builder By Vcita » Version: 4.8

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.8
Vcita » Contact Form Builder By Vcita » Version: 4.8.1

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.8.1
Vcita » Contact Form Builder By Vcita » Version: 4.9

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.9
Vcita » Contact Form Builder By Vcita » Version: 4.9.1

cpe:2.3:a:vcita:contact_form_builder_by_vcita:4.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2301

Products

Pricing

Contact Us