Lucene search
K

313 matches found

OSV
OSV
added 2024/08/17 10:15 a.m.3 views

CVE-2023-0714

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...

9.8CVSS6.3AI score0.00958EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/17 9:38 a.m.18 views

CVE-2023-0714 Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...

8.1CVSS8AI score0.00958EPSS
Exploits0References3
CVE
CVE
added 2024/08/17 9:38 a.m.65 views

CVE-2023-0714

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor (MetForm) for WordPress is vulnerable to an unauthenticated Arbitrary File Upload due to insufficient file-type validation up to 3.2.4. The attack uses a “double extension” to upload files with a malicious extension that ap...

9.8CVSS8AI score0.00958EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2024/08/17 9:38 a.m.4 views

EUVD-2023-12742

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...

9.8CVSS7.4AI score0.00958EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/17 12:0 a.m.4 views

PT-2024-11926 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: The Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.2.4 Description: The issue is related to insufficient file type validation, allowing unauthenticated visitors to perform a "double extension" attack. Th...

9.8CVSS8AI score0.00958EPSS
Exploits0References10
OSV
OSV
added 2024/06/11 8:15 a.m.5 views

CVE-2024-4266

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data, such as...

7.5CVSS5.8AI score0.00548EPSS
Exploits0References3
NVD
NVD
added 2024/06/11 8:15 a.m.35 views

CVE-2024-4266

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data, such as...

7.5CVSS0.00548EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/11 7:32 a.m.20 views

CVE-2024-4266 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS6.8AI score0.00548EPSS
Exploits0References3
CVE
CVE
added 2024/06/11 7:32 a.m.63 views

CVE-2024-4266

CVE-2024-4266 concerns the MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress. The vulnerability is an unauthenticated sensitive information exposure via handle_file in MetForm versions

7.5CVSS5.6AI score0.00548EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/06/11 5:45 a.m.3 views

Wordpress MetForm plugin <= 3.8.8 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Tim Coen in WordPress Plugin Metform versions = 3.8.8...

7.5CVSS7AI score0.00548EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/11 12:0 a.m.13 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.8.8 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.8.8 Fixed in 3.8.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4266 Patch priority Low CVSS severity Low 5.3 Developer Wpmet PSID f8748d7d1a5f Credits Tim Coen...

7.5CVSS6.5AI score0.00548EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.2 views

WordPress plugin MetForm security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS6.3AI score0.00548EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/06/10 12:0 a.m.17 views

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor < 3.8.9 - Unauthenticated Sensitive Information Exposure

Description The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data,...

7.5CVSS6.8AI score0.00548EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/06 8:15 p.m.3 views

CVE-2024-33570

Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3...

8.8CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/06 7:26 p.m.18 views

CVE-2024-33570 WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor Metform metform.This issue affects Metform: from n/a through = 3.8.3...

4.3CVSS5.9AI score0.00439EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/06 7:26 p.m.25 views

CVE-2024-33570 WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor Metform metform.This issue affects Metform: from n/a through = 3.8.3...

4.3CVSS5AI score0.00439EPSS
Exploits0References1
CVE
CVE
added 2024/05/06 7:26 p.m.87 views

CVE-2024-33570

CVE-2024-33570: Metform Elementor Contact Form Builder for WordPress (versions ≤ 3.8.3) has a Missing Authorization/Broken Access Control vulnerability. The issue enables unauthorized access due to missing authorization checks. Reported as affecting Metform Elementor Contact Form Builder; remedia...

8.8CVSS5.9AI score0.00439EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.4 views

PT-2024-25339 · Unknown · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder versions 3.8.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Metform Elementor Contact Form Builder. Recommendations: For Metform Elementor Contact Form...

8.8CVSS6.7AI score0.00439EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/05/06 12:0 a.m.5 views

WordPress plugin Metform Elementor Contact Form Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

8.8CVSS6.5AI score0.00439EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/25 1:32 p.m.8 views

WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Metform versions = 3.8.3...

8.8CVSS7AI score0.00439EPSS
Exploits0Affected Software1
Rows per page
Query Builder