cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1843,https://securityvulnerability.io/vulnerability/CVE-2023-1843,Unauthorized Permalink Structure Update in Metform Elementor Contact Form Builder for WordPress,"The Metform Elementor Contact Form Builder plugin for WordPress contains a security flaw that allows unauthenticated users to modify the permalink structure due to a missing capability check in the permalink_setup function. Versions up to and including 3.3.0 are affected, creating potential for attackers to exploit this weakness and alter critical functionality without proper authentication. It is crucial for users to update their plugin to mitigate this risk.",Wordpress,Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress,5.3,MEDIUM,0.0011399999493733048,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0710,https://securityvulnerability.io/vulnerability/CVE-2023-0710,Cross-Site Scripting Vulnerability in Metform Elementor Contact Form Builder for WordPress,"The Metform Elementor Contact Form Builder plugin for WordPress contains a Cross-Site Scripting vulnerability. This issue arises from the use of the 'fname' attribute within the 'mf_thankyou' shortcode, which allows unescaped form submissions to be echoed. The flaw affects versions up to and including 3.3.0. Authenticated attackers with contributor-level permissions or higher can exploit this vulnerability by injecting arbitrary web scripts into pages where the shortcode is used. These malicious scripts execute when victims visit a page that incorporates the submission ID in the query string.
While user interaction is necessary to activate the script by visiting a specially crafted link, the script itself is stored in the site's database, and successful exploitation requires a successful payment, adding to the complexity of the attack.",Wordpress,Metform Elementor Contact Form Builder – Flexible And Design-friendly Contact Form Builder Plugin For WordPress,4.9,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0721,https://securityvulnerability.io/vulnerability/CVE-2023-0721,CSV Injection Vulnerability in Metform Elementor Contact Form Builder for WordPress,"The Metform Elementor Contact Form Builder plugin for WordPress contains a vulnerability that allows unauthenticated attackers to insert untrusted input into CSV files during export. Versions up to and including 3.3.0 are affected. When these manipulated CSV files are downloaded and opened in a vulnerable environment, they can lead to unintended code execution, potentially compromising system security.",Wordpress,Metform Elementor Contact Form Builder – Flexible And Design-friendly Contact Form Builder Plugin For WordPress,8.3,HIGH,0.0014199999859556556,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0688,https://securityvulnerability.io/vulnerability/CVE-2023-0688,Information Disclosure in Metform Elementor Contact Form Builder for WordPress,"The Metform Elementor Contact Form Builder for WordPress presents a vulnerability that enables authenticated attackers with subscriber-level access or higher to exploit the 'mf_thankyou' shortcode. This flaw allows the unauthorized retrieval of sensitive data related to form submissions, including payment statuses and transaction IDs.
Users of versions up to and including 3.3.1 are particularly at risk, highlighting the importance of updating to secure versions to protect sensitive information from potential exposure.",Wordpress,Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress,6.5,MEDIUM,0.0009500000160187483,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0691,https://securityvulnerability.io/vulnerability/CVE-2023-0691,Information Disclosure in Metform Elementor Contact Form Builder for WordPress,"The Metform Elementor Contact Form Builder plugin for WordPress exhibits a vulnerability that permits authenticated users with subscriber-level permissions or higher to exploit the 'mf_last_name' shortcode. This flaw enables the disclosure of sensitive information, specifically the last names of individuals who have submitted forms, raising concerns about the privacy and confidentiality of user data.",Wordpress,Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress,4.3,MEDIUM,0.0005499999970197678,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0692,https://securityvulnerability.io/vulnerability/CVE-2023-0692,Information Disclosure in Metform Elementor Contact Form Builder for WordPress,"The Metform Elementor Contact Form Builder for WordPress suffers from an information disclosure vulnerability due to improper handling of the 'mf_payment_status' shortcode. This issue allows authenticated attackers, holding subscriber-level privileges or higher, to access sensitive details regarding the payment status of various form submissions.
Users should ensure they update to the latest version to mitigate risks associated with this vulnerability.",Wordpress,Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress,4.3,MEDIUM,0.0005499999970197678,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0693,https://securityvulnerability.io/vulnerability/CVE-2023-0693,Information Disclosure in Metform Elementor Contact Form Builder for WordPress,"The Metform Elementor Contact Form Builder for WordPress has a vulnerability that permits authenticated users with subscriber-level access or higher to exploit the 'mf_transaction_id' shortcode. This vulnerability can lead to unauthorized access to sensitive transaction IDs related to form submissions that include payment information. It affects all versions up to and including 3.3.1, potentially putting user data at risk.",Wordpress,Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress,4.3,MEDIUM,0.0005499999970197678,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0694,https://securityvulnerability.io/vulnerability/CVE-2023-0694,Information Disclosure Vulnerability in Metform Plugin for WordPress,"The Metform Elementor Contact Form Builder for WordPress contains a vulnerability that exposes sensitive information through the 'mf' shortcode. Authenticated attackers with subscriber-level capabilities or higher can exploit this flaw to access confidential data from standard form fields in any submission.
This raises significant concerns for user privacy and data security, making it imperative for website administrators to update and secure their installations.",Wordpress,Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress,4.3,MEDIUM,0.0005499999970197678,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0695,https://securityvulnerability.io/vulnerability/CVE-2023-0695,Cross-Site Scripting Vulnerability in Metform Elementor Contact Form Builder for WordPress,"The Metform Elementor Contact Form Builder for WordPress has a Cross-Site Scripting vulnerability where the 'mf' shortcode improperly outputs unescaped form submissions. This flaw affects versions up to 3.3.0 and allows authenticated users with contributor-level permissions or higher to inject malicious web scripts into pages. While user interaction is necessary for the execution of the injected script—since victims must click a specially crafted link containing the form entry ID—the payload is stored in the site's database, posing a significant security risk.",Wordpress,Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress,5.4,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0708,https://securityvulnerability.io/vulnerability/CVE-2023-0708,Cross-Site Scripting Vulnerability in Metform Contact Form Builder by WordPress,"The Metform Elementor Contact Form Builder for WordPress contains a vulnerability that allows authenticated attackers with contributor-level permissions or higher to inject arbitrary scripts. This is accomplished through the use of the 'mf_first_name' shortcode, which improperly handles unescaped form submissions in pages. When a victim visits a page that includes the shortcode and submission ID in the query string, the injected script executes.
Although user interaction is required to trigger the script, it poses significant risks as the malicious JavaScript is stored in the site database.",Wordpress,Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress,5.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0709,https://securityvulnerability.io/vulnerability/CVE-2023-0709,Cross-Site Scripting in Metform Elementor Contact Form Builder for WordPress,"The Metform Elementor Contact Form Builder for WordPress is susceptible to Cross-Site Scripting (XSS) due to improper handling of the 'mf_last_name' shortcode, which echoes unescaped user submissions. This vulnerability affects versions up to and including 3.3.0. Authenticated attackers with contributor-level permissions can exploit this flaw to inject malicious scripts, which may execute when unsuspecting users visit a constructed link containing the submission ID. The injected script is stored within the website's database, adding to the risk.",Wordpress,Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress,5.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0084,https://securityvulnerability.io/vulnerability/CVE-2023-0084,Stored Cross-Site Scripting Vulnerability in Metform Elementor Contact Form Builder Plugin for WordPress,"The Metform Elementor Contact Form Builder plugin for WordPress is prone to a Stored Cross-Site Scripting vulnerability due to inadequate sanitization and escaping of user input. This security flaw affects versions up to 3.1.2 and allows attackers, without authentication, to inject arbitrary scripts into form text areas.
These scripts execute in the browsers of users visiting the compromised submissions page, potentially leading to data theft and session hijacking.",Wordpress,Metform Elementor Contact Form Builder – Flexible And Design-friendly Contact Form Builder Plugin For WordPress,7.2,HIGH,0.0019099999917671084,false,,false,false,false,,false,false,2023-03-02T19:15:00.000Z,0
CVE-2023-0085,https://securityvulnerability.io/vulnerability/CVE-2023-0085,ReCaptcha Bypass in Metform Elementor Contact Form Builder Plugin for WordPress,"The Metform Elementor Contact Form Builder plugin for WordPress is susceptible to a reCaptcha bypass that arises from inadequate server-side validation of the captcha data submitted with forms. This vulnerability allows unauthenticated attackers to circumvent reCaptcha protections, potentially enabling automated bots to submit forms maliciously. It is crucial for users of the Metform plugin to ensure they are running the latest versions to mitigate risks associated with this flaw.",Wordpress,Metform Elementor Contact Form Builder – Flexible And Design-friendly Contact Form Builder Plugin For WordPress,5.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,false,false,2023-03-02T17:15:00.000Z,0