CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00193EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 9:59 a.m.•12 views

CVE-2024-1585

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00172EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:41 a.m.•7 views

CVE-2023-0693

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mftransactionid' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the...

6.5CVSS6.2AI score0.00716EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:56 a.m.•3 views

CVE-2023-0708

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mffirstname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inje...

5.4CVSS5.3AI score0.00198EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:50 a.m.•8 views

CVE-2023-0085

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers...

5.3CVSS6.8AI score0.00785EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:4 a.m.•5 views

CVE-2023-6788

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update th...

5.4CVSS6.3AI score0.00151EPSS

Exploits0References1

NVD•added 2024/12/09 1:15 p.m.•15 views

CVE-2023-50903

Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform: from n/a through = 3.4.0...

9.8CVSS0.00399EPSS

Exploits0References1

Cvelist•added 2024/12/09 11:29 a.m.•16 views

CVE-2023-50903 WordPress Metform Elementor Contact Form Builder plugin <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform: from n/a through = 3.4.0...

5.3CVSS0.00399EPSS

Exploits0References1

Vulnrichment•added 2024/12/09 11:29 a.m.•8 views

CVE-2023-50903 WordPress Metform Elementor Contact Form Builder plugin <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor Metform metform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform: from n/a through = 3.4.0...

5.3CVSS8.5AI score0.00399EPSS

Exploits0References1

NVD•added 2024/08/17 10:15 a.m.•12 views

CVE-2023-0714

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...

9.8CVSS0.13921EPSS

Exploits0References3