Lucene search

Muhammad Zeeshan (Xib3rR4dAr)PATCHSTACK:1CCC2E2A5898EE1FA5710D1CD05ACC06

HistoryApr 23, 2022 - 12:00 a.m.

WordPress Metform Elementor Contact Form Builder plugin <= 2.1.3 - Unauthenticated API keys and Secrets Disclosure vulnerability

2022-04-2300:00:00

Muhammad Zeeshan (Xib3rR4dAr)

patchstack.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Unauthenticated API keys and Secrets Disclosure vulnerability discovered by Muhammad Zeeshan (Xib3rR4dAr) in WordPress Metform Elementor Contact Form Builder plugin (versions <= 2.1.3).

Solution

           Update the WordPress Metform Elementor Contact Form Builder plugin to the latest available version (at least 2.1.4).

CPENameOperatorVersion
metform elementor contact form builderle2.1.3

CPE	Name	Operator	Version
	metform elementor contact form builder	le	2.1.3

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1442

wordpress.org/plugins/metform/#developers

www.wordfence.com/vulnerability-advisories/#CVE-2022-1442

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for PATCHSTACK:1CCC2E2A5898EE1FA5710D1CD05ACC06