305 matches found
CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
CVE-2023-50903
Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform: from n/a through = 3.4.0...
CVE-2023-50903
Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.4.0...
CVE-2023-50903
CVE-2023-50903 is a Missing Authorization vulnerability in the WordPress plugin Metform Elementor Contact Form Builder, affecting versions up to 3.4.0. Root cause: access-control misconfiguration allows exploitation without authentication; impact: high confidentiality, integrity, and availability...
CVE-2023-50903 WordPress Metform Elementor Contact Form Builder plugin <= 3.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform: from n/a through = 3.4.0...
CVE-2023-50903 WordPress Metform Elementor Contact Form Builder plugin <= 3.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform: from n/a through = 3.4.0...
WordPress plugin Metform Elementor Contact Form Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
PT-2024-14001 · Unknown · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder versions prior to 3.4.0 Description: The issue is related to a Missing Authorization vulnerability in Metform Elementor Contact Form Builder, which allows exploiting incorrectly configured access control...
WordPress Metform Elementor Contact Form Builder plugin <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload vulnerability
Unauthenticated Double-Extension Arbitrary File Upload vulnerability discovered by Ram in WordPress Plugin Metform versions = 3.2.4...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.2.4 is vulnerable to Arbitrary File Upload
Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.2.4 Fixed in 3.3.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0714 Patch priority High CVSS severity High 9 Developer Wpmet PSID a1d516cfa020 Credits Ram Required privilege...
CVE-2023-0714
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...
CVE-2023-0714
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...
CVE-2023-0714
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...
CVE-2023-0714
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor (MetForm) for WordPress is vulnerable to an unauthenticated Arbitrary File Upload due to insufficient file-type validation up to 3.2.4. The attack uses a “double extension” to upload files with a malicious extension that ap...
CVE-2023-0714 Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...
EUVD-2023-12742
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...
PT-2024-11926 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: The Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.2.4 Description: The issue is related to insufficient file type validation, allowing unauthenticated visitors to perform a "double extension" attack. Th...
CVE-2024-4266
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data, such as...
CVE-2024-4266
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data, such as...
CVE-2024-4266
CVE-2024-4266 concerns the MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress. The vulnerability is an unauthenticated sensitive information exposure via handle_file in MetForm versions