CVE-2023-0721

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and...

WordPress Metform Elementor Contact Form Builder plugin <= 3.9.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Marek Mikita in WordPress Plugin Metform versions = 3.9.2...

CVE-2023-0693

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mftransactionid' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the...

CVE-2023-0691

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mflastname' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary...

WordPress plugin Metform Elementor Contact Form Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2023-0085

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers...