Sebastian Cruz Cardona

#20613 of 53,635
12.3 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2022-14124
7.5
2022-06-20
WordPress · Very Simple Contact Form · CVE-2022-1801
**Name of the Vulnerable Software and Affected Versions**
Very Simple Contact Form WordPress plugin versions prior to 11.6

**Description**
The plugin exposes the captcha solution in the rendered contact form as hidden input fields and plain text, which allows bots to bypass the captcha check and makes the page a target for spam bots.

**Recommendations**
For versions prior to 11.6, update to version 11.6 or later to resolve the issue.
PT-2021-16246
4.8
2021-10-25
Cimatti · WordPress Contact Forms · CVE-2021-24744
**Name of the Vulnerable Software and Affected Versions**
WordPress Contact Forms by Cimatti WordPress plugin versions prior to 1.4.12

**Description**
The plugin does not sanitize or escape the Form Title before outputting it in some admin pages. This could allow high-privilege users to perform Cross-Site Scripting attacks, even when the `unfiltered_html` capability is disallowed.

**Recommendations**
For versions prior to 1.4.12, update to version 1.4.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin pages where the Form Title is output to minimize the risk of exploitation.