Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:6F8A9F36-8C2D-4356-A871-03D9BE5987F3
HistoryJun 08, 2023 - 12:00 a.m.

Metform Elementor Contact Form Builder < 3.3.1 - Multiple Contributor+ Stored XSS via Shortcode

2023-06-0800:00:00
wpscan.com
14
metform elementor
contact form builder
stored xss
shortcode
user input
sanitization
cross-site scripting
contributor privileges

EPSS

0.001

Percentile

45.1%

JSON

The plugin does not properly sanitize and escape user input when processed by many of its shortcodes, which could enable users with contributor privileges to conduct Stored Cross-Site Scripting attacks on the site. Affected shortcodes include mf, mf_first_name, mf_last_name, and mf_thankyou.

Related

openvas 1
nvd 4
cve 4
prion 4
cvelist 4
wordfence 1
openvas
openvas
WordPress Metform Elementor Contact Form Builder Plugin < 3.3.1 Multiple Vulnerabilities
2023-06-16 00:00:00
nvd
nvd
CVE-2023-0709
2023-06-09 06:15:52
CVE-2023-0710
2023-06-09 06:15:53
CVE-2023-0695
2023-06-09 06:15:52
cve
cve
CVE-2023-0709
2023-06-09 06:15:52
CVE-2023-0710
2023-06-09 06:15:53
CVE-2023-0695
2023-06-09 06:15:52
prion
prion
Cross site scripting
2023-06-09 06:15:00
Cross site scripting
2023-06-09 06:15:00
Cross site scripting
2023-06-09 06:15:00
cvelist
cvelist
CVE-2023-0709
2023-06-09 05:33:13
CVE-2023-0710
2023-06-09 05:33:23
CVE-2023-0695
2023-06-09 05:33:12
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 5, 2023 to June 11, 2023)
2023-06-15 13:04:14

EPSS

0.001

Percentile

45.1%

JSON
Related for WPVDB-ID:6F8A9F36-8C2D-4356-A871-03D9BE5987F3
openvas1nvd4cve4prion4cvelist4wordfence1