Lucene search
K

313 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:6 a.m.8 views

CVE-2024-2791

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:59 a.m.13 views

CVE-2024-1585

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:48 a.m.5 views

CVE-2024-4266

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data, such as...

7.5CVSS5.9AI score0.00548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.8 views

CVE-2024-33570

Missing Authorization vulnerability in Roxnor Metform metform.This issue affects Metform: from n/a through = 3.8.3...

8.8CVSS5.9AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:42 a.m.5 views

CVE-2023-0709

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mflastname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to injec...

5.4CVSS5.3AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.3 views

CVE-2023-0695

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject...

5.4CVSS5.3AI score0.00416EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.8 views

CVE-2023-0084

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.1AI score0.28565EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.5 views

CVE-2023-0688

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mfthankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form...

6.5CVSS5.9AI score0.00735EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.5 views

CVE-2023-0721

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and...

8.3CVSS7.9AI score0.0071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.8 views

CVE-2023-0693

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mftransactionid' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the...

6.5CVSS6.2AI score0.00659EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.6 views

CVE-2023-0694

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form...

6.5CVSS4.9AI score0.00659EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.5 views

CVE-2023-0692

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mfpaymentstatus' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the...

4.3CVSS5.1AI score0.00603EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:2 a.m.4 views

CVE-2023-1843

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalinksetup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the...

6.5CVSS5.4AI score0.00629EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.4 views

CVE-2023-0708

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mffirstname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inje...

5.4CVSS5.3AI score0.0058EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.5 views

CVE-2023-0691

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mflastname' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary...

4.3CVSS5AI score0.00603EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.5 views

CVE-2023-0689

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mffirstname' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrar...

4.3CVSS5.1AI score0.0046EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:52 a.m.4 views

CVE-2023-0710

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mfthankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level...

5.4CVSS5.4AI score0.00389EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:50 a.m.9 views

CVE-2023-0085

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers...

5.3CVSS6.8AI score0.00691EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:10 a.m.10 views

CVE-2023-50903

Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform: from n/a through = 3.4.0...

9.8CVSS7.3AI score0.00608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:4 a.m.7 views

CVE-2023-6788

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update th...

5.4CVSS6.3AI score0.00228EPSS
Exploits0References1
Rows per page
Query Builder