305 matches found
CVE-2024-1585
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Cross site scripting
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-1585 Metform Elementor Contact Form Builder <= 3.8.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-1585
CVE-2024-1585 affects Metform – Elementor Contact Form Builder for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in shortcode handling, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected versions are up to 3.8.3; exploitation ...
CVE-2024-1585 Metform Elementor Contact Form Builder <= 3.8.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Plugin Metform Elementor Contact Form Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Metform Elementor Contact Form Builder < 3.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.8.3; Fixed in: 3.8.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1585; Patch priority: Low; CVSS severity: Low (6.5); Developer: Wpmet; PSID: 30fa19a63f6b; Credits: Bassem Essa...
Metform Elementor Contact Form Builder < 3.8.2 - Cross-Site Request Forgery
Description: The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options "mf_hubsopt_token",...
CVE-2023-6788
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update th...
Cross site request forgery (csrf)
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update th...
CVE-2023-6788
CVE-2023-6788 affects the Metform Elementor Contact Form Builder WordPress plugin. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw caused by missing/incorrect nonce validation in the contents function, enabling unauthenticated attackers to update options such as mf_hubsopt_token, mf...
CVE-2023-6788 Metform Elementor Contact Form Builder <= 3.8.1 - Cross-Site Request Forgery
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update th...
WordPress Plugin Metform Elementor Contact Form Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-15084 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.8.1 Description: The issue is due to missing or incorrect nonce validation on the contents function, making it possible for unauthenticated attackers...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.8.1; Fixed in: 3.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-6788; Patch priority: Low; CVSS severity: Low (5.4); Developer: Wpmet; PSID: f512d659309a; Credits: Lucio S...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.4.0 is vulnerable to Broken Access Control
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.4.0; Fixed in: 3.4.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-50903; Patch priority: Low; CVSS severity: Low (5.3); Developer: Wpmet; PSID: a863ac993a04; Credits: Revan Arifio...
Metform Elementor Contact Form Builder < 3.3.2 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode
Description: The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information...
WordPress Metform Elementor Contact Form Builder Plugin < 3.3.3 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmet:metformelementorcontactformbuilder"; if description...
WordPress Metform Elementor Contact Form Builder Plugin < 3.3.2 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmet:metformelementorcontactformbuilder"; if description...