Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/02/05 11:0 p.m.14 views

CVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

7.5CVSS6.2AI score0.09699EPSS
Exploits2References1
attackerkb
attackerkb
added 2023/06/09 6:15 a.m.4 views

CVE-2023-0708

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mffirstname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inje...

5.4CVSS6AI score0.0058EPSS
Exploits0References4
osv
osv
added 2023/06/09 6:15 a.m.7 views

CVE-2023-0695

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject...

5.4CVSS6.7AI score0.00416EPSS
Exploits0References2
prion
prion
added 2022/05/10 8:15 p.m.26 views

Improper access control

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

5CVSS7.3AI score0.09699EPSS
Exploits2References3Affected Software1
vulnrichment
vulnrichment
added 2022/05/10 7:30 p.m.9 views

CVE-2022-1442 Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

7.5CVSS7AI score0.09699EPSS
Exploits2References3
cvelist
cvelist
added 2022/05/10 7:30 p.m.42 views

CVE-2022-1442 Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

7.5CVSS7.5AI score0.09699EPSS
Exploits2References3
Rows per page
Query Builder