cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0714,https://securityvulnerability.io/vulnerability/CVE-2023-0714,Double Extension Attack Vulnerability in Metform Contact Form Builder,"The Metform Elementor Contact Form Builder for WordPress is susceptible to an arbitrary file upload vulnerability caused by inadequate file type validation. This issue is present in versions up to and including 3.2.4. Attackers can exploit this weakness by executing a 'double extension' attack, allowing them to upload files disguised with benign extensions while concealing malicious payloads. In certain configurations, this vulnerability may lead to remote code execution, which poses a significant risk to the security of affected WordPress installations. Proper validation and sanitation of file uploads is crucial to mitigate this risk.",Wordpress,"Metform – Contact Form, Survey, Quiz, & Custom Form Builder For Elementor",8.1,HIGH,0.0006300000241026282,false,,false,false,false,,false,false,2024-08-17T09:38:58.449Z,0
CVE-2024-4266,https://securityvulnerability.io/vulnerability/CVE-2024-4266,Sensitive Information Exposure Vulnerability in MetForm Plugin,"The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.",Wordpress,"Metform – Contact Form, Survey, Quiz, & Custom Form Builder For Elementor",5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-11T07:32:25.511Z,0