3 matches found
WordPress Metform Elementor Contact Form Builder Plugin < 3.3.1 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmet:metformelementorcontactformbuilder"; if description...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to CSV Injection
Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-0721 Patch priority Low CVSS severity Low 4.7 Developer Wpmet PSID 2f722b3f2145 Credits Ramuel Gall Required privilege...
CVE-2023-0721
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and...