305 matches found
CVE-2023-0085
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers...
WordPress Plugin Metform Elementor Contact Form Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Metform Elementor Contact...
WordPress Metform Elementor Contact Form Builder Plugin < 3.2.2 reCaptcha Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmet:metformelementorcontactformbuilder"; if description...
WordPress Metform Elementor Contact Form Builder Plugin < 2.1.4 Information Disclosure Vulnerability
Metform Elementor Contact Form Builder < 3.2.2 - reCaptcha Bypass
The plugin does not properly check for the submitted from captcha value server side, which could lead to bypass...
WordPress Metform Elementor Contact Form Builder Plugin < 3.2.0 XSS Vulnerability
PT-2023-15999 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.1.2. Description: The issue is related to Stored Cross-Site Scripting via text areas on forms due to insufficient input sanitization and output...
PT-2023-16000 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.2.1. Description: The issue is related to insufficient server-side checking of the captcha value submitted during form submission, allowing...
WordPress plugin Metform Elementor Contact Form Builder Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Metform Elementor Contact Form Builder 3.1.2 Cross Site Scripting Vulnerability
WordPress Metform Elementor Contact Form Builder plugin versions 3.1.2 and below suffer from a persistent cross site scripting vulnerability. Affected Plugin: Metform Elementor Contact Form Builder. Plugin Slug: metform. Affected Versions: <= 3.1.2. CVE ID: CVE-2023-0084. CVSS Score: 7.2 (High). CVSS...
High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder
On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations. The...
Metform Elementor Contact Form Builder < 3.2.0 - Unauthenticated Stored XSS
The plugin does not sanitize and escape some of its submitted entry data when outputting them back in the admin dashboard, which could allow unauthenticated attackers to perform Stored XSS attacks against an admin viewing the malicious entry. Setup as admin: Create a new form using MetForm Element...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Metform Elementor Contact Form Builder. Type: Plugin. Vulnerable versions: <= 3.1.2. Fixed in: 3.2.0. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-0084. Patch priority: High. CVSS severity: High (7.1). Developer: Wpmet. PSID: 06d2857720ad. Credits: Mohammed ...
Metform Elementor Contact Form Builder < 3.2.0 - Unauthenticated Stored XSS
The plugin does not sanitize and escape some of its submitted entry data when outputting them back in the admin dashboard, which could allow unauthenticated attackers to perform Stored XSS attacks against an admin viewing the malicious entry. PoC: Setup as admin: Create a new form using MetForm...
WordPress plugin Metform information leakage vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Metform is vulnerable to an information disclosure vulnerability, which stems from...
CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
Improper access control
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
CVE-2022-1442 Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...