Lucene search
K

21 matches found

Cvelist
Cvelist
added 2026/02/19 8:26 a.m.31 views

CVE-2026-25320 WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...

5.3CVSS0.00272EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:26 a.m.4 views

CVE-2026-25320 WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...

5.3CVSS5.4AI score0.00272EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:26 a.m.5 views

CVE-2026-25320

Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...

5.4AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20690

Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...

5.4AI score0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-31307

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00439EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-12723

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00416EPSS
Exploits0References2
CVE
CVE
added 2024/12/09 11:29 a.m.58 views

CVE-2023-50903

CVE-2023-50903 is a Missing Authorization vulnerability in the WordPress plugin Metform Elementor Contact Form Builder, affecting versions up to 3.4.0. Root cause: access-control misconfiguration allows exploitation without authentication; impact: high confidentiality, integrity, and availability...

9.8CVSS7.3AI score0.00608EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/08/17 9:38 a.m.67 views

CVE-2023-0714

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor (MetForm) for WordPress is vulnerable to an unauthenticated Arbitrary File Upload due to insufficient file-type validation up to 3.2.4. The attack uses a “double extension” to upload files with a malicious extension that ap...

9.8CVSS8AI score0.00958EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/02 5:32 a.m.13 views

CVE-2024-2791 Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS7.4AI score0.00323EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/06/12 12:0 a.m.15 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0695 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID fb3ef0c3223e Credits Ramuel Gall...

5.4CVSS6AI score0.00416EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.34 views

CVE-2023-0721 Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and...

8.3CVSS7.5AI score0.0071EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/05/05 12:0 a.m.13 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1843 Patch priority High CVSS severity High 6.5 Developer Wpmet PSID b16a58b44328 Credits Marco Wotschka...

6.5CVSS6.4AI score0.00629EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/03/02 7:15 p.m.69 views

CVE-2023-0084

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS6.2AI score0.28565EPSS
Exploits5References5
Positive Technologies
Positive Technologies
added 2023/03/02 12:0 a.m.8 views

PT-2023-15999 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.1.2 Description: The issue is related to Stored Cross-Site Scripting via text areas on forms due to insufficient input sanitization and output...

7.2CVSS6.1AI score0.28565EPSS
Exploits5References7
Positive Technologies
Positive Technologies
added 2023/03/02 12:0 a.m.9 views

PT-2023-16000 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.2.1 Description: The issue is related to insufficient server-side checking of the captcha value submitted during form submission, allowing...

5.3CVSS5.9AI score0.00686EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2023/03/02 12:0 a.m.15 views

WordPress Metform Elementor Contact Form Builder Plugin < 3.2.2 reCaptcha Bypass Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmet:metformelementorcontactformbuilder"; if description...

5.3CVSS5.4AI score0.00686EPSS
Exploits0References1
0day.today
0day.today
added 2023/02/07 12:0 a.m.334 views

WordPress Metform Elementor Contact Form Builder 3.1.2 Cross Site Scripting Vulnerability

WordPress Metform Elementor Contact Form Builder plugin versions 3.1.2 and below suffer from a persistent cross site scripting vulnerability. Affected Plugin: Metform Elementor Contact Form Builder Plugin Slug: metform Affected Versions: = 3.1.2 CVE ID: CVE-2023-0084 CVSS Score: 7.2 High CVSS...

7.2CVSS6.7AI score0.28565EPSS
Exploits5
Wordfence Blog
Wordfence Blog
added 2023/02/06 4:20 p.m.42 views

High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder

On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations. The...

6.9AI score0.28565EPSS
Exploits5
Cvelist
Cvelist
added 2022/08/15 8:35 a.m.21 views

CVE-2022-2116 Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...

6.2AI score0.0051EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.462 views

Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting When there is at least one submission: https://example.com/wp-admin/edit.php?posttype=elementorcfdb&page=sbelemcfd&formid="...

6.1CVSS0.7AI score0.0051EPSS
Exploits2
Rows per page
Query Builder