Lucene search

WordfenceCVELIST:CVE-2023-0714

HistoryAug 17, 2024 - 9:38 a.m.

CVE-2023-0714 Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload

2024-08-1709:38:58

CWE-434

Wordfence

www.cve.org

cve-2023-0714

wordpress

file upload

remote code execution

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.0%

JSON

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a “double extension” attack and upload files containing a malicious extension but ending with a benign extension, which may make remote code execution possible in some configurations.

CNA Affected

[
  {
    "vendor": "xpeedstudio",
    "product": "MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "3.2.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/metform/trunk/core/entries/file-data-validation.php?rev=2746287

plugins.trac.wordpress.org/changeset/2896914/

www.wordfence.com/threat-intel/vulnerabilities/id/697ce433-f321-4977-a2ad-68369d9ce9c3?source=cve

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.0%

JSON

Related for CVELIST:CVE-2023-0714