VYPR

Metform Elementor Contact Form Builder

by Wpmet

CVEs (27)

  • CVE-2023-0689 · Med · Aug 31, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above, to obtain sensitive…

  • CVE-2023-2517 · Med · Jul 12, 2023
    risk 0.28 · cvss 5.4 · epss 0.00

    The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated…

  • CVE-2023-0692 · Med · Jun 9, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above, to obtain sensitive…

  • CVE-2023-0691 · Med · Jun 9, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above, to obtain sensitive…

  • CVE-2023-0714 · Aug 17, 2024
    risk 0.00 · cvss · epss 0.01

    The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files…

  • CVE-2022-23179 · Jan 16, 2024
    risk 0.00 · cvss · epss 0.01

    The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is…

  • CVE-2022-23180 · Jan 16, 2024
    risk 0.00 · cvss · epss 0.01

    The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings.
