Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:42 a.m.4 views

CVE-2023-0709

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mflastname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to injec...

5.4CVSS5.3AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.7 views

CVE-2023-0084

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.1AI score0.28565EPSS
Exploits5References1
OSV
OSV
added 2023/07/12 5:15 a.m.6 views

CVE-2023-2517

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalinksetup function. This makes it possible for unauthenticated attackers to change...

4.3CVSS5.7AI score0.00402EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.1 views

CVE-2023-0709

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mflastname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to injec...

5.4CVSS6AI score0.00556EPSS
Exploits0References4
Rows per page
Query Builder