21 matches found
CVE-2026-25320 WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...
CVE-2026-25320 WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...
CVE-2026-25320
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...
PT-2026-20690
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...
EUVD-2024-31307
Malicious code in bioql PyPI...
EUVD-2023-12723
Malicious code in bioql PyPI...
CVE-2023-50903
CVE-2023-50903 is a Missing Authorization vulnerability in the WordPress plugin Metform Elementor Contact Form Builder, affecting versions up to 3.4.0. Root cause: access-control misconfiguration allows exploitation without authentication; impact: high confidentiality, integrity, and availability...
CVE-2023-0714
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor (MetForm) for WordPress is vulnerable to an unauthenticated Arbitrary File Upload due to insufficient file-type validation up to 3.2.4. The attack uses a “double extension” to upload files with a malicious extension that ap...
CVE-2024-2791 Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0695 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID fb3ef0c3223e Credits Ramuel Gall...
CVE-2023-0721 Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Broken Access Control
Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1843 Patch priority High CVSS severity High 6.5 Developer Wpmet PSID b16a58b44328 Credits Marco Wotschka...
CVE-2023-0084
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2023-15999 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.1.2 Description: The issue is related to Stored Cross-Site Scripting via text areas on forms due to insufficient input sanitization and output...
PT-2023-16000 · WordPress · Metform Elementor Contact Form Builder
Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.2.1 Description: The issue is related to insufficient server-side checking of the captcha value submitted during form submission, allowing...
WordPress Metform Elementor Contact Form Builder Plugin < 3.2.2 reCaptcha Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmet:metformelementorcontactformbuilder"; if description...
WordPress Metform Elementor Contact Form Builder 3.1.2 Cross Site Scripting Vulnerability
WordPress Metform Elementor Contact Form Builder plugin versions 3.1.2 and below suffer from a persistent cross site scripting vulnerability. Affected Plugin: Metform Elementor Contact Form Builder Plugin Slug: metform Affected Versions: = 3.1.2 CVE ID: CVE-2023-0084 CVSS Score: 7.2 High CVSS...
High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder
On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations. The...
CVE-2022-2116 Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting
The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...
Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting When there is at least one submission: https://example.com/wp-admin/edit.php?posttype=elementorcfdb&page=sbelemcfd&formid="...