Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:42 a.m.5 views

CVE-2023-0709

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mflastname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to injec...

5.4CVSS5.3AI score0.00556EPSS
Exploits0References1
OSV
OSV
added 2023/06/09 6:15 a.m.5 views

CVE-2023-0709

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mflastname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to injec...

5.4CVSS6.7AI score0.00556EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.1 views

CVE-2023-0709

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mflastname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to injec...

5.4CVSS6AI score0.00556EPSS
Exploits0References4
OSV
OSV
added 2023/06/09 6:15 a.m.4 views

CVE-2023-0691

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mflastname' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary...

4.3CVSS6.7AI score0.00603EPSS
Exploits0References3
Rows per page
Query Builder