Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:4CB3FD12-456E-4B77-9953-75957A99DF8A
HistoryJan 11, 2024 - 12:00 a.m.

Metform Elementor Contact Form Builder < 3.8.2 - Cross-Site Request Forgery

2024-01-1100:00:00
wpscan.com
9
metform
elementor
contact form builder
cross-site request forgery
csrf
vulnerability
nonce validation
options update
hubspot

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

28.6%

JSON

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options “mf_hubsopt_token”, “mf_hubsopt_refresh_token”, “mf_hubsopt_token_type”, and “mf_hubsopt_expires_in” via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This would allow an attacker to connect their own Hubspot account to a victim site’s metform to obtain leads and contacts.

Related

prion 1
nvd 1
cve 1
cvelist 1
wordfence 1
prion
prion
Cross site request forgery (csrf)
2024-01-09 04:15:00
nvd
nvd
CVE-2023-6788
2024-01-09 04:15:07
cve
cve
CVE-2023-6788
2024-01-09 04:15:07
cvelist
cvelist
CVE-2023-6788
2024-01-09 03:31:31
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 8, 2024 to January 14, 2024)
2024-01-18 14:52:18

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

28.6%

JSON
Related for WPVDB-ID:4CB3FD12-456E-4B77-9953-75957A99DF8A
prion1nvd1cve1cvelist1wordfence1