CVE-2022-1801

7.5 HIGH

📋 TL;DR

The Very Simple Contact Form WordPress plugin before version 11.6 includes the solution to its CAPTCHA in the rendered contact form, so any bot that fetches the page can read the answer and submit the form, defeating the plugin's only anti-spam control. Every WordPress site running a vulnerable version with the form published is affected; the impact is automated spam through the form, not code execution or data disclosure.

💻 Affected Systems

Products:
  • Very Simple Contact Form WordPress Plugin
Versions: All versions before 11.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations using the vulnerable plugin versions. No special configuration required for exploitation.

📦 What is this software?

Very Simple Contact Form is a lightweight WordPress plugin that adds a contact form to a page or post and relies on a built-in CAPTCHA field as its anti-spam measure. Submissions are handled by the site itself, so the form's CAPTCHA is the only barrier between a bot and the site's inbox.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Contact forms become useless against spam bots. The site is flooded with automated submissions, legitimate messages are buried or missed, and, where the form relays submissions by e-mail from the site's own server (the usual WordPress setup), the flood can also damage the domain's mail sender reputation.

🟠 Likely Case

A significant rise in spam submissions through the contact form, consuming administrator time and drowning out legitimate enquiries.

🟢 If Mitigated

Minimal impact once the plugin is updated to 11.6 or later, or while the form is deactivated or backed by server-side spam filtering and rate limiting in the meantime.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is trivial: the CAPTCHA solution is present in the HTML the site serves, so a bot only has to fetch the form, read the answer and include it in its POST. No authentication or user interaction is required, and the traffic looks like an ordinary browser visiting the form.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.6

Vendor Advisory: https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Very Simple Contact Form'.
4. Click 'Update Now' if available.
5. If no update button is shown, download version 11.6 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable plugin (all platforms)

Temporarily deactivate the Very Simple Contact Form plugin until it is patched. Note that this removes the form entirely, so it only suits sites that can go without it:

wp plugin deactivate very-simple-contact-form

Implement alternative CAPTCHA (all platforms)

Replace the form with an alternative contact form plugin whose CAPTCHA is verified server-side and never renders the answer to the client.

🧯 If You Can't Patch

  • Implement server-side spam filtering for contact form submissions
  • Monitor contact form submissions for unusual patterns and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin panel under Plugins > Installed Plugins. If version is below 11.6, you are vulnerable.

Check Version:

wp plugin get very-simple-contact-form --field=version

Verify Fix Applied:

Confirm the plugin reports version 11.6 or higher. Then load a page containing the form and inspect the HTML the server actually sends (view-source or curl, not just the rendered page): the CAPTCHA answer must not appear in any field, attribute or script within the form markup.
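The version check above is the part that can be automated. The following is an added example, not code from the advisory or from the plugin itself: it compares a version string against the 11.6 fix with a proper numeric comparison (a plain string comparison would wrongly treat "11.10" as older than "11.6"), and it can read the version from a plugin readme.txt "Stable tag:" line, the WordPress.org format that usually ships with the installed plugin and is often fetchable at /wp-content/plugins/very-simple-contact-form/readme.txt. The plugin slug is taken from the page's WP-CLI command; the readme fragment below is constructed for the demo, and the network fetch is only for sites you are authorised to test.

```python
"""Added example (not the advisory's or the plugin's own code): is an installed
Very Simple Contact Form below the 11.6 fix?

Assumptions: plugin slug very-simple-contact-form (from the page's WP-CLI
command); version read from a WP-CLI result or from readme.txt "Stable tag:".
"""
import re
import urllib.request

FIXED_VERSION = "11.6"
PLUGIN_SLUG = "very-simple-contact-form"


def parse_version(text: str) -> tuple:
    """'11.6' -> (11, 6), '11.6.1' -> (11, 6, 1). Tuples compare numerically,
    so 11.10 is correctly newer than 11.6 (string comparison gets this wrong)."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(version: str) -> bool:
    """True when the version is strictly below the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def stable_tag_from_readme(readme: str):
    """Extract 'Stable tag: X' from a WordPress.org readme.txt.
    Returns None when the line is missing or says 'trunk' (not a release)."""
    m = re.search(r"^Stable tag:\s*(\S+)\s*$", readme, re.IGNORECASE | re.MULTILINE)
    if not m or m.group(1).lower() == "trunk":
        return None
    return m.group(1)


def fetch_readme(site_url: str, timeout: float = 10.0) -> str:
    """Network call: fetch the plugin readme from a site you may test.
    Some hosts block readme.txt; fall back to WP-CLI if you have shell access."""
    url = f"{site_url.rstrip('/')}/wp-content/plugins/{PLUGIN_SLUG}/readme.txt"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def assess(readme: str) -> str:
    """Classify a readme as 'vulnerable', 'patched' or 'unknown'."""
    tag = stable_tag_from_readme(readme)
    if tag is None:
        return "unknown"
    try:
        return "vulnerable" if is_vulnerable(tag) else "patched"
    except ValueError:
        return "unknown"


# Constructed sample, shaped like a WordPress.org readme header (not the real file).
SAMPLE_README = """=== Very Simple Contact Form ===
Requires at least: 4.0
Tested up to: 6.0
Stable tag: 11.5
"""

if __name__ == "__main__":
    print(assess(SAMPLE_README))  # constructed sample is below 11.6
```

The readme fingerprint is a remote approximation: it tells you what version of the plugin is installed, not whether the form is published. When you have shell access, `wp plugin get very-simple-contact-form --field=version` from the page is authoritative, and the served HTML of the form page still needs a manual look.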

📡 Detection & Monitoring

Log Indicators:

  • Unusual spike in contact form submissions
  • Patterns of automated form submissions

Network Indicators:

  • Increased traffic to contact form endpoints
  • Automated POST requests to contact form handler

SIEM Query:

The useful signal is a burst of POSTs to the form page from one source, not the user agent: spam bots that read the CAPTCHA answer from the page send ordinary browser user agents, so matching "bot" in http_user_agent catches only the sloppy ones. A Splunk-style query that counts submissions per source per minute (field names and the form path are site-specific and must be adjusted; "/contact/" stands in for the page that hosts the form, and the threshold needs tuning against normal traffic):

index=web method=POST uri_path="/contact/"
| bucket _time span=1m
| stats count AS submissions dc(http_user_agent) AS agents BY src_ip, _time
| where submissions > 5
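The same detection logic, run offline over log lines, as an added example that is not part of the advisory. It parses combined-format web access log lines, keeps POSTs to the form path, and reports any source whose submissions exceed a threshold inside a sliding one-minute window; the sample lines are constructed, the path /contact/ and the threshold of 5 are assumptions, and the bursting source deliberately sends a browser user agent to show why the "user agent contains bot" heuristic misses it.

```python
"""Added example (not the advisory's): burst detection for contact-form POSTs
over constructed Apache/Nginx combined-format log lines.

Assumptions: the form lives at /contact/ and 5 POSTs per source per minute is
the alert threshold; both are placeholders to tune per site.
"""
import re
from collections import defaultdict
from datetime import datetime

FORM_PATH = "/contact/"   # assumption: page hosting the form
WINDOW_SECONDS = 60
THRESHOLD = 5             # POSTs per source per window; tune to real traffic

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def form_posts(lines):
    """Yield parsed records that are POSTs to the form path (query string ignored)."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?")[0] == FORM_PATH:
            yield rec


def bursty_sources(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {ip: peak POSTs in any sliding window} for sources over the threshold."""
    by_ip = defaultdict(list)
    for rec in form_posts(lines):
        by_ip[rec["ip"]].append(rec["time"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until it is within `window` of `end`.
            while (times[end] - times[start]).total_seconds() >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def naive_ua_match(lines):
    """The 'user agent contains bot' heuristic, kept here only for contrast."""
    return {rec["ip"] for rec in form_posts(lines) if "bot" in rec["ua"].lower()}


def _line(ip, ts, method, path, ua):
    """Build one constructed combined-format log line."""
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 512 "-" "{ua}"'


CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/100.0"
FIREFOX = "Mozilla/5.0 Firefox/100.0"

# Constructed sample: a spoofed-browser bot bursting 8 POSTs in 35 seconds,
# a human sending two messages minutes apart, and a self-identifying bot.
SAMPLE_LOG = [
    _line("203.0.113.7", f"01/Jun/2022:10:00:{s:02d} +0000", "POST", FORM_PATH, CHROME)
    for s in range(0, 40, 5)
] + [
    _line("198.51.100.4", "01/Jun/2022:10:00:50 +0000", "GET", FORM_PATH, FIREFOX),
    _line("198.51.100.4", "01/Jun/2022:10:01:00 +0000", "POST", FORM_PATH, FIREFOX),
    _line("198.51.100.4", "01/Jun/2022:10:05:30 +0000", "POST", FORM_PATH, FIREFOX),
    _line("192.0.2.9", "01/Jun/2022:10:02:00 +0000", "POST", FORM_PATH, "SpamBot/1.0"),
]

if __name__ == "__main__":
    print("burst:", bursty_sources(SAMPLE_LOG))     # flags 203.0.113.7
    print("ua heuristic:", naive_ua_match(SAMPLE_LOG))  # flags only 192.0.2.9
```

Rate-based detection is also the basis for the rate limiting suggested under "If You Can't Patch": the same per-source window, enforced at the web server or WAF instead of merely reported, turns the alert into a control.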

🔗 References

  • WPScan advisory: https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06
  • NVD record: https://nvd.nist.gov/vuln/detail/CVE-2022-1801