305 matches found

NVD
added 2023/08/31 6:15 a.m. · 6 views

CVE-2023-0689

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrar...

CVSS 4.3 · AI score 4.3 · EPSS 0.00165
Exploits 0 · References 3
ATTACKERKB
added 2023/08/31 6:15 a.m. · 1 views

CVE-2023-0689

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrar...

CVSS 4.3 · AI score 6 · EPSS 0.00165
Exploits 0 · References 4
OSV
added 2023/08/31 6:15 a.m. · 2 views

CVE-2023-0689

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrar...

CVSS 4.3 · AI score 7.4
Exploits 0 · References 3
Prion
added 2023/08/31 6:15 a.m. · 13 views

Information disclosure

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrar...

CVSS 4 · AI score 5.2 · EPSS 0.00165
Exploits 0 · References 3 · Affected Software 1
CVE
added 2023/08/31 5:33 a.m. · 28 views

CVE-2023-0689

The CVE-2023-0689 entry concerns the WordPress Metform Elementor Contact Form Builder plugin. Affected: Metform Elementor Contact Form Builder for WordPress, versions up to and including 3.3.1. Issue: Information disclosure via the mf_first_name shortcode, allowing authenticated attackers with su...

CVSS 4.3 · AI score 4.7 · EPSS 0.00165
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/08/31 5:33 a.m. · 7 views

CVE-2023-0689 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrar...

CVSS 4.3 · AI score 6.7 · EPSS 0.00165
Exploits 0 · References 3
Cvelist
added 2023/08/31 5:33 a.m. · 15 views

CVE-2023-0689 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrar...

CVSS 4.3 · AI score 4.6 · EPSS 0.00165
Exploits 0 · References 3
Positive Technologies
added 2023/08/31 12:0 a.m. · 2 views

PT-2023-16457 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.1 Description: The issue allows authenticated attackers with subscriber-level capabilities or above to obtain sensitive information about arbitrary form...

CVSS 4.3 · AI score 5.5 · EPSS 0.00165
Exploits 0 · References 6
Patchstack
added 2023/08/31 12:0 a.m. · 7 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: 3.3.2; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2023-0689; Patch priority: Low; CVSS severity: Low 4.3; Developer: Wpmet; PSID: 4be7cb75c51f; Credits: Ramuel Gall...

CVSS 4.3 · AI score 6.5 · EPSS 0.00165
Exploits 0 · References 3 · Affected Software 1
ATTACKERKB
added 2023/07/12 5:15 a.m. · 2 views

CVE-2023-2517

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change...

CVSS 5.4 · AI score 6.4 · EPSS 0.00108
Exploits 0 · References 5
OSV
added 2023/07/12 5:15 a.m. · 2 views

CVE-2023-2517

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change...

CVSS 4.3 · AI score 5.7 · EPSS 0.00108
Exploits 0 · References 4
Prion
added 2023/07/12 5:15 a.m. · 11 views

Cross site request forgery (csrf)

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change...

CVSS 4.3 · AI score 4.3 · EPSS 0.00108
Exploits 0 · References 4 · Affected Software 1
CVE
added 2023/07/12 4:38 a.m. · 33 views

CVE-2023-2517

Metform Elementor Contact Form Builder for WordPress is affected by CSRF in versions up to 3.3.2 due to missing/incorrect nonce validation in permalink_setup, enabling unauthenticated attackers to alter permalink structures via forged requests if a site admin is tricked. The issue is caused by no...

CVSS 5.4 · AI score 4.5 · EPSS 0.00108
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2023/07/12 4:38 a.m. · 11 views

CVE-2023-2517 Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change...

CVSS 5.4 · AI score 6.4 · EPSS 0.00108
Exploits 0 · References 4
Cvelist
added 2023/07/12 4:38 a.m. · 16 views

CVE-2023-2517 Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change...

CVSS 5.4 · AI score 5.3 · EPSS 0.00108
Exploits 0 · References 4
CNNVD
added 2023/07/12 12:0 a.m. · 4 views

WordPress Plugin Metform Elementor Contact Form Builder Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 5.4 · AI score 6 · EPSS 0.00108
Exploits 0 · References 5
Patchstack
added 2023/06/22 12:0 a.m. · 11 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.2; Fixed in: 3.3.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-2517; Patch priority: Low; CVSS severity: Low 4.3; Developer: Wpmet; PSID: c4b175b1c9ca; Credits: Marco...

CVSS 5.4 · AI score 6.5 · EPSS 0.00108
Exploits 0 · References 3 · Affected Software 1
WPVulnDB
added 2023/06/22 12:0 a.m. · 16 views

Metform Elementor Contact Form Builder < 3.3.3 - Cross-Site Request Forgery

The plugin does not correctly validate nonces on the permalink_setup function. This can potentially enable the alteration of permalink structure via a forged request, if an administrator is tricked into clicking a deceptive link. Verification only takes place when a nonce is provided, leaving the...

CVSS 5.4 · AI score 6.6 · EPSS 0.00108
Exploits 0 · References 1 · Affected Software 1
OpenVAS
added 2023/06/16 12:0 a.m. · 25 views

WordPress Metform Elementor Contact Form Builder Plugin < 3.3.2 Multiple Information Disclosure Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmet:metformelementorcontactformbuilder"; if description...

CVSS 6.5 · AI score 4.8 · EPSS 0.00473
Exploits 0 · References 5
OpenVAS
added 2023/06/16 12:0 a.m. · 11 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 Missing Authorization Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmet:metformelementorcontactformbuilder"; if description...

CVSS 6.5 · AI score 5.9 · EPSS 0.00137
Exploits 0 · References 1