CVSS3: 8.3 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 27.3%
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
[
  {
    "vendor": "xpeedstudio",
    "product": "Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "3.3.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]