Lucene search

[email protected]NVD:CVE-2023-0085

HistoryMar 02, 2023 - 5:15 p.m.

CVE-2023-0085

2023-03-0217:15:09

[email protected]

web.nvd.nist.gov

metform elementor

wordpress

recaptcha bypass

vulnerability

form builder

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

51.3%

JSON

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers to bypass Captcha restrictions and for attackers to utilize bots to submit forms.

Affected configurations

Nvd

Node

wpmetmetform_elementor_contact_form_builderRange≤3.2.1wordpress

VendorProductVersionCPE
wpmetmetform_elementor_contact_form_builder*cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpmet	metform_elementor_contact_form_builder	*	cpe:2.3:a:wpmet:metform_elementor_contact_form_builder::::::wordpress::*

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2868889%40metform&new=2868889%40metform&sfp_email=&sfph_mail=

wordpress.org/plugins/metform/

www.wordfence.com/threat-intel/vulnerabilities/id/69527d4b-49b6-47cd-93b6-39350f881ec9

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

51.3%

JSON

Related for NVD:CVE-2023-0085

cve1 wpvulndb1 cvelist1 openvas1 prion1 wordfence1