305 matches found
CVE-2023-0693
CVE-2023-0693 affects the Metform Elementor Contact Form Builder for WordPress. It causes information disclosure via the mf_transaction_id shortcode in versions up to 3.3.1, allowing authenticated users with subscriber-level privileges or higher to view transaction IDs for submissions that includ...
CVE-2023-0695 Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject...
CVE-2023-0695
The CVE-2023-0695 entry concerns the Metform Elementor Contact Form Builder for WordPress. Affected: WordPress plugin Metform Elementor Contact Form Builder (versions up to and including 3.3.0). Root cause: Cross-Site Scripting via the mf shortcode that echoes unescaped form submissions; the mali...
CVE-2023-0694 Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form...
PT-2023-17275 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.3.0
Description: The issue allows unauthorized updates to the permalink structure due to a missing capability check on the permalink setup function...
WordPress Plugin Metform Elementor Contact Form Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Metform Elementor Contact Form Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-16460 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.1
Description: The issue allows authenticated attackers with subscriber-level capabilities or above to obtain sensitive information about the payment stat...
PT-2023-16466 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: The Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.0
Description: The issue allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages. This is...
WordPress Plugin Metform Elementor Contact Form Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-16467 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.0
Description: The issue allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages using the fna...
PT-2023-16463 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.0
Description: The issue allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages. This is...
PT-2023-16465 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.0
Description: The issue allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages using the mf...
Metform Elementor Contact Form Builder < Unauthenticated CSV Injection
The plugin does not properly escape user-supplied input which is output in CSV files, which could be abused in CSV Injection attacks...
Metform Elementor Contact Form Builder < 3.3.1 - Multiple Contributor+ Stored XSS via Shortcode
The plugin does not properly sanitize and escape user input when processed by many of its shortcodes, which could enable users with contributor privileges to conduct Stored Cross-Site Scripting attacks on the site. Affected shortcodes include mf, mffirstname, mflastname, and mfthankyou...
Metform Elementor Contact Form Builder < 3.3.2 - Multiple Subscriber+ Sensitive Information Disclosure Issues
The plugin does not prevent less privileged users, like subscribers, from accessing various sensitive information via the plugin's shortcodes. This includes payment statuses, transaction IDs, submitter's name information, and virtually all fields of any form submissions...
WordPress plugin Metform Elementor Contact Form Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Broken Access Control
Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1843; Patch priority: High; CVSS severity: High 6.5; Developer: Wpmet; PSID: b16a58b44328; Credits: Marco Wotschka...
WordPress plugin Metform Elementor Contact Form Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...