3 matches found
CVE-2024-1585
CVE-2024-1585 affects Metform – Elementor Contact Form Builder for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in shortcode handling, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected versions are up to 3.8.3; exploitation ...
CVE-2024-1585 Metform Elementor Contact Form Builder <= 3.8.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)
Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.8.3 Fixed in 3.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1585 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID 30fa19a63f6b Credits Bassem Essa...